"Tiffany C." wrote:
>
> Hello,
>
> I have a jsp file with an HTML form in it. Once the
> form is completed and submitted: the file is sent back
> to the same jsp file, a sql statement is made from the
> information entered in the form, and finally the sql
> statement is sent to the MySQL database.
>
> If someone enters a single quote or ' in the form the
> sql statement breaks. I've found that adding '' in
> place of ' will solve the problem. For example
> O'Kelly will break the sql but O''Kelly will work.
>
> How can I search for single quotes and replace them
> with two single quotes? Is there a Java class that is
> applicable?
>
> Your help is appreciated!! Thank you.
This is a very frequently asked question. Please search the archives before posting to the list; you typically get an answer faster, you can compare the alternative solutions offered by different replies, and you help keep the list focused on new, unanswered questions instead of answering the same questions over and over again. The URL for the list archive is at the end of every mail: <http://archives.java.sun.com/jsp-interest.html>

Briefly, though, the best solution is to use a PreparedStatement and setString(); it takes care of escaping all special characters as appropriate for the specific database you use (the rules differ between database engines) and also guards against crackers trying to get your SQL processing to do more than you ever wanted ;-)

The archives have a lot more details on this.

Hans
--
Hans Bergsten [EMAIL PROTECTED]
Gefion Software http://www.gefionsoftware.com
Author of JavaServer Pages (O'Reilly), http://TheJSPBook.com
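Hans's recommendation worked through as an added example (not code from the original thread): the string-concatenation pattern the question describes beside the same query with the form value bound through setString(). The table name, column names, JDBC URL and credentials are assumed placeholders.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

/** Constructed example: look up a customer by last name. Table and column
 *  names are assumptions, not taken from the original thread. */
public class CustomerLookup {

    // The pattern the question describes: the form value is pasted into the
    // SQL text. "O'Kelly" yields ... WHERE last_name = 'O'Kelly' and the
    // statement breaks; any value that contains SQL syntax is read as SQL,
    // which is the hole Hans alludes to.
    static String buildUnsafeQuery(String lastName) {
        return "SELECT id, last_name FROM customers WHERE last_name = '"
                + lastName + "'";
    }

    // The fix: the SQL text is fixed and carries a ? placeholder; the value
    // is bound with setString(), so the JDBC driver applies the quoting rules
    // of the database in use and the value can only ever be data. "O'Kelly"
    // needs no manual '' doubling.
    static String findCustomer(Connection conn, String lastName) throws SQLException {
        String sql = "SELECT id, last_name FROM customers WHERE last_name = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, lastName);          // 1 = the first placeholder
            try (ResultSet rs = ps.executeQuery()) {
                if (rs.next()) {
                    return rs.getInt("id") + ":" + rs.getString("last_name");
                }
                return null;                    // no matching row
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Prints the broken statement from the question; needs no database.
        System.out.println(buildUnsafeQuery("O'Kelly"));
        // Placeholder connection details for MySQL Connector/J.
        String url = "jdbc:mysql://localhost/<database>";
        try (Connection conn = DriverManager.getConnection(url, "<user>", "<password>")) {
            System.out.println(findCustomer(conn, "O'Kelly"));
        }
    }
}
```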
