On Sun, 23 Feb 2003, I-Lin Kuo wrote:
> I really do need to do this, as I'm generating insert statements for the
> database. My information comes in the form of XML documents which I'm
> partially pulling apart to enter in the database. Unfortunately, I can't
> just take the information between the tags and generate an insert statement,
> because the characters '?& have special meaning and have to be escaped.
Ah, I see. If you're using XSP and assigning the strings to variables, the
escaping is taken care of automatically for you:
<xsp:logic>
String text = <xsp-request:get-parameter name="text" default=""/>;
</xsp:logic>
<esql:connection>
<esql:pool>foo</esql:pool>
<esql:execute-query>
<esql:query>INSERT INTO MyTable(Text) VALUES
(<esql:parameter><xsp:expr>text</xsp:expr></esql:parameter>)</esql:query>
</esql:execute-query>
</esql:connection>
See http://xml.apache.org/cocoon/userdocs/xsp/esql.html for information on
Prepared Statements.
Hope that helps,
Andrew.
--
Andrew Savory Email: [EMAIL PROTECTED]
Managing Director Tel: +44 (0)870 741 6658
Luminas Internet Applications Fax: +44 (0)700 598 1135
This is not an official statement or order. Web: www.luminas.co.uk
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
