0

I have a script where it is necessary to add now in the current statement a received COMMENT text from the user as parameter. Below is an example but it is failing. Can someone help me with this ?

\<sup\>#!/usr/bin/ksh

export COMMENTS=${1}
echo ${COMMENTS}
echo "========================================="

sqlplus -s $CONNECT_STRING \<\<-EOF
whenever sqlerror exit 2;
insert into TEST_CACM (COMMENTS) values ('${COMMENTS}');
commit;
EOF\</sup\>

When we execute it fails because special character.

<kbd>test.ksh "Let's test this  ##@@"
Let's test this ##@@
=========================================
ERROR:
ORA-01756: quoted string not properly terminated</kbd>

Note: The user can be put any comment. Whatever comment the user add should be stored in the table.

Carlos Andre Cardoso
  • 11
  • 1

1 Answers1

2

Either:

  1. Escape the single quote in the string value when you pass it in:

    test.ksh "Let''s test this  ##@@"

  2. Use a q-quoted string (and don't pass the closing expression for the q-quoted string as a sub-string of your argument):

    #!/usr/bin/ksh

export COMMENTS=${1}
echo ${COMMENTS}
echo "========================================="

sqlplus -s $CONNECT_STRING \<\<-EOF
whenever sqlerror exit 2;
insert into TEST_CACM (COMMENTS) values (q'[${COMMENTS}]');
commit;
EOF

  3. Or replace all the single quotes with two single quotes:

    #!/usr/bin/ksh 

export COMMENTS="$(echo $1 | sed "s/'/''/g")"
echo "$COMMENTS"
echo "========================================="

sqlplus -s $CONNECT_STRING \<\<-EOF
whenever sqlerror exit 2;
insert into TEST_CACM (COMMENTS) values ('${COMMENTS}');
commit;
EOF

  4. Don't use SQL*Plus. Instead write a small application in another language (i.e. Python, Java, C#, etc.) that allows you to use parameterised queries and pass the command-line argument as a bind variable.

MT0
  • 143,790
  • 11
  • 59
  • 117