Hi Lee,
Did you use PreparedStatement for your
insert/updates.
That should take care of the problem.
By concatenating the sqlstring and doing
a vanilla executeUpdate(), you run into
these problems.
Also CallableStatement is another way you
can run PROCEDURES on the database/server side
and pass in/out parameters.
I do this all the time, when I want to insert data and
return a manufactured primary key in one statement.
String sName="John's Manufacturing";
String ins_sql="begin insert into company(id,name) " +
" values(seq_id.nextval,?) returning id into ? ; END;";
CallableStatements cs=conn.prepareCall(ins_sql);
cs.setString(1,sName);
cs.registerOutParameter(2,Types.INTEGER);
cs.executeUpdate();
id=cs.getString(2); // can coerce it to a string on retrieving.
conn.commit();
Cheers,
Joel
Lee Turner wrote:
> Hi
>
> I was wondering how people were handling the entry of the single quote
> character in their user data. The reason I ask is because I have a user
> bean that uses a combination of CMP and some JDBC to handle a few extra bits
> that I need the bean to do. The problem occurred when I entered o'brian as
> the username in the system I am developing. The data was stored in the
> system so I take it that CMP handles the fact that a ' was in the username
> (am I correct in this assumption), but when it came to the JDBC to insert
> the username in a different table it threw and error. The error was the
> fact that Oracle didn't think that my SQL statement was formed properly as
> it uses single quotes around the data values in the INSERT statement.
>
> Now as I understand it, you can put another single quote in front of the one
> in the user data (o''brian) and the database will handle it, so what I was
> wondering was if this is what people are doing in their systems or there is
> a better way of doing it. Wouldn't it slow the system down to have to check
> every piece of data being entered into the system ??? I think that I have
> read somewhere that using a PreparedStatement handles this problem for you.
> Is this correct, as this could be a solution ??
>
> I am sorry that this is more of a JDBC problem than a EJB problem, but I
> couldn't find a JDBC-INTEREST list on the Java web site.
>
> Thanks in advance
> Lee
>
> _________________________________
>
> Lee Turner
> Systems Developer
> Information Technology Leeds
> _________________________________
>
> Watt Gilchrist Ltd
> Ring Road, West Park
> Leeds, LS16 6RA
> Tel: 0113 288 3200
> Fax: 0113 275 1690
> http://www.wattgilchrist.co.uk
> _________________________________
>
> ===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff EJB-INTEREST". For general help, send email to
> [EMAIL PROTECTED] and include in the body of the message "help".
--
--------------------------------------
RHINO Systems Inc.
RDBMS and Internet development
Java/EJB/Oracle systems
www.rhinosystemsinc.com
Phone: 530-888-6248 x205
EFAX#: (425)969-0745
--------------------------------------
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
