The PreparedStatement is probably the best approach, but the other way is to
use a StringBuffer to build your newly adorned SQL string.
(*Chris*)
----- Original Message -----
From: Scott Neufeld <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, June 28, 1999 1:18 PM
Subject: Re: Strings in SQL
> Personally, I think there's an easier way that won't cause you to rewrite
a lot
> of code.
>
> Use prepared statements! Then, replace the ? parameters with the values
from
> getParameter(). JDBC will take care of the single-quotes without you
having to
> worry about them.
>
>
> jon * wrote:
>
> > > I hope someone could help me out. I've encountered a problem using
strings
> > > to prepare the SQL statements before executing it. I've noticed that
the
> > > database can't interpret the SQL statement if one of my users use an
> > > apostrophy ( ' ) in one of the fields of that SQL statement.
> > >
> > > Seems that I have to append another aposthrophy after the first one so
that
> > > it could work. So, I've been thinking of a way of replacing the
particular
> > > character but the replace method under the Strings could only replace
one
> > > character for one character. Is there any way of replacing a character
like
> > > the apostrophy with a group of characters like ( '' ) so that it could
get
> > > executed?
> > >
> > > Or is there another way around this problem? Your help would be much
> > > appreciated. Till then.
> >
> > Use village or town...
> >
> > <http://www.working-dogs.com/village/>
> > <http://www.working-dogs.com/town/>
> >
> > Here is an example:
> >
> > TableDataSet tds = new TableDataSet ( connection, "table_name", new
> > KeyDef().addAttrib("key_column_name"))
> > Record rec = tds.addRecord();
> > rec.setValue ("column_name", "'");
> > rec.save();
> > tds.close();
> >
> > It's easy. It's fast. It works.
> >
> > -jon
> >
> >
___________________________________________________________________________
> > To unsubscribe, send email to [EMAIL PROTECTED] and include in the
body
> > of the message "signoff SERVLET-INTEREST".
> >
> > Archives: http://archives.java.sun.com/archives/servlet-interest.html
> > Resources: http://java.sun.com/products/servlet/external-resources.html
> > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>
>
___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the
body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
