SQL 将带双引号的字符串插入表中
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/14660666/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Inserting a string with double quotes into a table
提问by Loren Ramly
I'm using Oracle 10g and I'm having a problem inserting a string with double quotes into a table. This is my statement
我正在使用 Oracle 10g,但在将带双引号的字符串插入表中时遇到问题。这是我的声明
INSERT INTO USERS (ID, NAME, USERNAME) VALUES (NULL, "tes", "hello");
The query above fails with the error "Oracle column not allowed here".
上面的查询失败并显示错误“此处不允许使用 Oracle 列”。
If I change double quotes to single quotes, as below the statement is successful.
如果我将双引号更改为单引号,则如下语句成功。
INSERT INTO USERS (ID, NAME, USERNAME) VALUES (NULL, 'tes', 'hello');
But, I want to insert the double quotes into the table.
但是,我想将双引号插入表中。
Is it possible to have double quote in strings in an insert statement? I don't want to use REPLACE() because my query is automatically generated from an array.
是否可以在插入语句中的字符串中使用双引号?我不想使用 REPLACE() 因为我的查询是从数组自动生成的。
回答by Ben
A double quote is used to denote a quoted identifier, i.e. an object name that does not solely consist of alpha-numeric characters, $and #. As an aside, it's recommended that you do notuse quoted identifiers. This is the reason for your original ORA-00984 error. Oracle is assuming that "tes"is a column, not a string, and you can't use a column name in the VALUES clause of an INSERT statement, as explained in the error message.
双引号用于表示带引号的标识符,即不完全由字母数字字符$和#. 顺便说一句,我们建议您不要不使用带引号的标识符。这就是您原来的 ORA-00984 错误的原因。Oracle 假设这"tes"是一个列,而不是一个字符串,并且您不能在 INSERT 语句的 VALUES 子句中使用列名,如错误消息中所述。
In order to insert the string"tes"into a table you need to ensure that it is quoted correctly:
为了将字符串"tes"插入表中,您需要确保正确引用它:
Character literals are enclosed in single quotation marks so that the database can distinguish them from schema object names.
字符文字用单引号括起来,以便数据库可以将它们与模式对象名称区分开来。
Any character can be part of a string so in order to insert a double quote into a table you need to enclose it within single quotes.
任何字符都可以是字符串的一部分,因此为了在表中插入双引号,您需要将其括在单引号中。
insert into users (id, name, username)
values (null, '"tes"', '"hello"');
Here's a SQL Fiddleto demonstrate.
这是一个用于演示的SQL Fiddle。
One additional thing to note. You state that this query is automatically generated, which means you maybe vulnerable to SQL injection. I would highly recommend reading about bind variables in Guarding Against SQL Injection.
需要注意的另一件事。您声明此查询是自动生成的,这意味着您可能容易受到 SQL 注入的攻击。我强烈建议阅读Guarding against SQL Injection 中的绑定变量。
回答by Alen Oblak
It is possible. In Oracle, you quote string literals using single quotes.
有可能的。在 Oracle 中,您使用单引号引用字符串文字。
If you want to insert testinto the database then you must quote that as 'test'.
如果要插入test数据库,则必须将其引用为'test'.
INSERT INTO USERS (NAME) VALUES ('test');
If you want to insert "test"into the database then you must quote that as '"test"'.
如果要插入"test"数据库,则必须将其引用为'"test"'.
INSERT INTO USERS (NAME) VALUES ('"test"');
回答by TechDo
Try wrapping the values inside single quotes.
尝试将值括在单引号内。
INSERT INTO USERS (ID, NAME, USERNAME) VALUES (NULL, '"tes"', '"hello"');
