Sure, use PreparedStatements instead of executeQuery. ps.setString(1,
"This ain't wrong"); will handle escaping properly.
On Sat, 19 Aug 2000, Neal Cabage wrote:
> I am building a dB interface where people will enter free-form information,
> and would like to facilitate the possibility that someone might enter an
> apostrophe.
>
> Since an apostrophe (') is used to enclose string values within an SQL
> statement, when building SQL statements within JSP, it will be necessary to
> go through and replace these apostrophes with the character escape value - a
> double tic ('').
>
> PROBLEM:
> Though I have found a replace method for the String class, it apparently
> only replaces characters, not substrings and so I would only be able to
> replace the tic with a single other character ... or so I believe.
>
> I am hoping that there is something I am missing and there is a method that
> will allow me to replace the (') single tics with ('') double tics, and vice
> versa. Does anyone know of anything?
>
> Thanks!
> Neal
>
> ===========================================================================
> To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
> Some relevant FAQs on JSP/Servlets can be found at:
>
> http://java.sun.com/products/jsp/faq.html
> http://www.esperanto.org.nz/jsp/jspfaq.html
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
>
-----------------------------------------------------------
Joseph B. Ottinger [EMAIL PROTECTED]
http://cupid.suninternet.com/~joeo HOMES.COM Developer