Hi, I am now writing a servlet program, using a JDBC SQL Statement to insert data into a database. The following is part of my code:
    // value typed into the form's text field
    String question = req.getParameter("customer_question");
    Statement stmt = con.createStatement();
    // SQL text built by concatenating the user input into the string literal
    String query = "INSERT INTO customer(customer_question)" + " values ('" + question + "')";
    stmt.executeUpdate(query);
"customer_question" is the name of a text field in the form of my .html file invoking the servlet program. If I type "What's your name?" into the text field and submit the form to activate the servlet, then I find the servlet can't pass through this statement "stmt.executeUpdate(query);". I used try{}catch(SQLException e) {}, and was told "count field incorrect". So, I guess the "'" mark in my input is the reason for my problem. In fact, the '"' mark can also cause some problem, though not "count field incorrect". So far I don't know whether other symbol characters will cause the query statement to fail.

Could you help me to solve the problem, so that I can input any character into the text field and execute the Update statement successfully?
Thank you for your time!
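An added example, not the original poster's code, that puts the concatenated form from the post beside a PreparedStatement version. It assumes an open JDBC Connection `con` and the table `customer(customer_question)` described above; the method and class names are made up for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.sql.Statement;

// Hypothetical helper class (assumption: a table customer(customer_question) exists
// and the caller supplies a connected java.sql.Connection).
public class CustomerQuestionDao {

    // Builds the SQL text exactly the way the post does, so the effect of the
    // input on the statement can be seen. For the input  What's your name?
    // the result is:
    //   INSERT INTO customer(customer_question) values ('What's your name?')
    // The apostrophe in "What's" closes the string literal early, the rest is
    // parsed as SQL, and the database rejects the statement. Any input that
    // contains quote characters can change what the statement means, which is
    // why the text must never be assembled from untrusted input this way.
    static String buildConcatenatedQuery(String question) {
        return "INSERT INTO customer(customer_question) values ('" + question + "')";
    }

    // Problematic form from the post: string concatenation plus Statement.
    static int insertByConcatenation(Connection con, String question) throws SQLException {
        try (Statement stmt = con.createStatement()) {
            return stmt.executeUpdate(buildConcatenatedQuery(question));
        }
    }

    // Corrected form: a parameterised query. The SQL text is fixed and contains
    // a placeholder; the value is bound separately with setString, so the driver
    // transmits or escapes it correctly and ' " ; \ and other characters are
    // stored literally instead of being parsed as SQL.
    static int insertWithPreparedStatement(Connection con, String question) throws SQLException {
        String sql = "INSERT INTO customer(customer_question) values (?)";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, question);
            return ps.executeUpdate();
        }
    }

    // Servlet-side use, mirroring the post: read the form field, guard against a
    // missing parameter (getParameter returns null then), and insert safely.
    static int storeCustomerQuestion(Connection con, String rawParameter) throws SQLException {
        String question = (rawParameter == null) ? "" : rawParameter;
        return insertWithPreparedStatement(con, question);
    }

    // Stand-alone demonstration that needs no database: shows the broken SQL text.
    public static void main(String[] args) {
        System.out.println(buildConcatenatedQuery("What's your name?"));
    }
}
```

In the servlet, replace the Statement block with `storeCustomerQuestion(con, req.getParameter("customer_question"))`. The PreparedStatement is the standard JDBC answer to the question: it accepts any character in the field without per-character escaping, and the try-with-resources blocks close the statements even when executeUpdate throws.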
