That stinks, doesn't it :)

In order to insert a ' you have to pass two, so you must parse your
statement. When you find a ', add another so that the final string would look
like this:

'What''s your name?'

I used StringTokenizer to accomplish this; however, I'm sure there are dozens
of ways.

Patrick
-----Original Message-----
From: A mailing list for discussion about Sun Microsystem's Java Servlet
API Technology. [mailto:[EMAIL PROTECTED]]On Behalf Of qian
jianhua
Sent: Sunday, April 25, 1999 4:52 AM
To: [EMAIL PROTECTED]
Subject: about the SQL statement in JDBC-SERVLET


Hi, I am now writing a servlet program, using JDBC SQL Statement to insert
data into a database. The following is part of my code,

String question=req.getParameter("customer_question");

Statement stmt=con.createStatement();
String query= "INSERT INTO customer(customer_question)"+"values ('"+question+"')";
stmt.executeUpdate(query);

"customer_question" is the name of a text field in the form of my .html file
involving the servlet program. If I type "What's your name?" into the text
field and submit the form to activate the servlet, then I find the servlet
can't pass through this statement "stmt.executeUpdate(query);". I used
try{}catch(SQLException e) {}, and was told that "count field incorrect".
So, I guess the "'" mark in my input is the reason for my problem. In fact,
the """ mark can also cause some problem, though not "count field
incorrect". So far I don't know whether other symbol characters will cause
the query statement to fail.

Could you help me to solve the problem, so that I can input any character
into the text field and execute the Update statement successfully?

Thank you for your time!
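
Added example, not code from either poster: it shows the quote-doubling described in the reply next to JDBC parameter binding with PreparedStatement, a different technique from the StringTokenizer approach, which passes the value separately from the SQL text so no character in it can end the string literal. The class and method names are hypothetical; the table and column names are taken from the question, and the sample inputs are constructed.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class CustomerQuestionInsert {

    // The approach from the reply: double every ' so it stays inside the literal.
    // This covers only the standard '' escape; some databases (MySQL in its
    // default mode, for example) also treat backslash as an escape character.
    static String doubleQuotes(String value) {
        return value.replace("'", "''");
    }

    // Query text built the way the original post builds it (concatenation).
    static String concatenated(String question) {
        return "INSERT INTO customer(customer_question) values ('" + question + "')";
    }

    // Parameter binding: the SQL text is fixed and the value is sent as data,
    // so quotes, double quotes and any other character are stored unchanged.
    static int insertQuestion(Connection con, String question) throws SQLException {
        String sql = "INSERT INTO customer(customer_question) VALUES (?)";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, question);
            return ps.executeUpdate();
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs, as they would arrive from req.getParameter(...)
        String[] samples = { "What's your name?", "He said \"hi\"", "50% off; ok?" };
        for (String q : samples) {
            System.out.println("raw:     " + concatenated(q));
            System.out.println("doubled: " + concatenated(doubleQuotes(q)));
        }
        // In the servlet (needs a live Connection, so not run here):
        // insertQuestion(con, req.getParameter("customer_question"));
    }
}
```

Running main prints the query text for each input; the first "raw" line shows the unbalanced quote that makes executeUpdate fail in the question.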
