Solved

Encoding Escape Characters In SQL Statements Executed Through PowerShell

Posted on 2008-10-31
8
1,605 Views
Last Modified: 2012-05-05
Hello,

I am attempting to execute a an SQL query through PowerShell against an MS Access database.  My query works 99% of the time, but occasionally a localized string will cause an error beacuse it contains a single quote (') somewhere within the localized string.  You can look at the following example to get a better idea of what I am talking about:

SELECT TermNo, File, Context
FROM ExceptionFC
WHERE TermNo = 1
AND File = '\\fr\Content\fr_localized_content.xml'
AND Context = '(le second niveau), lequel doit accéder aux ressources d'un serveur de base de données ou d'un partage réseau (le troisième niveau). Le jeton de sécurité principal utilisé entre le navigateur et le s'

In most languages I could add slashes to this string to escape out the single quotes (') in the string.  But I don's seem to be able to do that in PowerShell.

Is there a way I can execute this query within PowerShell and receive an accurate response back from the database?

Thank you.
test-scripts.zip
0
Comment
Question by:bgsullivan
  • 3
  • 3
  • 2
8 Comments
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
for SQL you need to double the single quote
0
 
LVL 18

Expert Comment

by:BSonPosh
Comment Utility
To answer your question directly
- The escape character in Powershell is backtic "`"
You could do a -replace on the string like this
$string -replace "'","``'"

Probably a better option is to use this script from Lee
http://www.leeholmes.com/blog/InteractingWithSQLDatabasesInPowerShellInvokeSqlCommand.aspx
0
 

Author Comment

by:bgsullivan
Comment Utility
Yeah, i've tried that and I still get errors.  For instance, the following SQL:

SELECT TermNo, File, Context
FROM ExceptionFC
WHERE TermNo = 1
AND File = '\\fr\Content\fr_localized_content.xml'
AND Context = '(le second niveau), lequel doit accéder aux ressources d`'un serveur de base de données ou d`'un partage réseau (le troisième niveau). Le jeton de sécurité principal utilisé entre le navigateur et le s'

Will return the following error:

Exception calling "Fill" with "1" argument(s): "Syntax error (missing operator) in query expression 'TermNo =2 AND File = '\\it\itlocalization.xls' AND Context = '(le second niveau), lequal doit acceder aux ressources d'un serve'." At C:\Temp\test_script_failing.ps1:29 char 22 + [void] $adapter.fill(<<<< $dataset)

When I remove the single quotes from the 'Context' string it works fine.  Any further ideas?
0
 
LVL 18

Expert Comment

by:BSonPosh
Comment Utility
Where is the code that creates $dataset?

0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:bgsullivan
Comment Utility
I included test scripts that will replicate the error in the origional post.  If you download the ZIP file you will find a working example and a failing example.

Thanks.
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 225 total points
Comment Utility
> .. "Syntax error (missing operator) in query expression
sounds like an error from yur db
As I already said: you need to double single quotes in your text *before* you pass it to the database.
0
 
LVL 18

Assisted Solution

by:BSonPosh
BSonPosh earned 225 total points
Comment Utility
I agree with ahoffmann that the error is being returned by SQL.

I would replace the inner single quotes "'"  with double quotes "
-replace "'","`""

or as ahoffmann suggest... double the internal single quotes
-replace "'","`'`'"
0
 

Author Comment

by:bgsullivan
Comment Utility
Sorry for the delay in response but I was in meetings all day yesterday.  The single escape sequence solution does not work but the dual escape sequence does work.  Thank you both for your help.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

The article will show you how you can maintain a simple logfile of all Startup and Shutdown events on Windows servers and desktops with PowerShell. The script can be easily adapted into doing more like gracefully silencing/updating your monitoring s…
"Migrate" an SMTP relay receive connector to a new server using info from an old server.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to count occurrences of each item in an array.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now