Someone is definitely working too hard here. If you don't want to mess with any of
this
parsing and character substitution, there is a better alternative already provided in
the JDBC API:
PreparedStatement stmt =
conn.prepareStatement("update customers set name = ? where account_no = ?");
stmt.setString(1, "Joe's Bar and Grill"); // NOTE - embedded quote!
stmt.setLong(2, 123);
stmt.executeUpdate();
stmt.close();
The database driver is responsible for parsing any strings and escaping special
characters. As an added bonus, your own code is database-independent -- you don't have
to know what characters need to be escaped, and what the prefix character is.
There are also many packages around that can hide the nitty gritty details of the
SQL statements entirely.
Craig McClanahan
"Steven J. Owens" wrote:
> Cheong Takhoe asks:
> > I hope someone could help me out. I've encountered a problem using strings
> > to prepare the SQL statements before executing it. aI've noticed that the
> > database can't interpret the SQL statement if one of my users use an
> > apostrophy ( ' ) in one of the fields of that SQL statement.
> > Seems that I have to append another aposthrophy after the first one so that
> > it could work.
>
> In some SQL flavors you use a double-apostrophe (''), in some you
> can use a backslash-apostrophe (\') to escape the character.
>
> > So, I've been thinking of a way of replacing the particular
> > character but the replace method under the Strings could only replace one
> > character for one character. Is there any way of replacing a character like
> > the apostrophy with a group of characters like ( '' ) so that it could get
> > executed?
>
> If you're using Java 1.2, put the text in a StringBuffer and use
> StringBuffer.delete(start, stop) and StringBuffer.insert(start,
> newstring). I was bemoaning this general issue a few weeks back
> (maybe it was on Advanced-Java). Java's string stuff is incredibly
> awkward and annoying compared to some languages (and I seem to recall
> frequently seeing phrases like "java has great string handling" in
> various literature...).
>
> For earlier versions, it looks like to best bet is just to split
> the old String up into a string starting before the piece you wish to
> replace, and after the piece you wish to replace, and then concatenate
> the beginning, plus your new string, plus the ending.
>
> I ended up writing a simple little method to do it. Not that
> this is rocket science, but since it isn't, why isn't this part of
> some generic utility package?
>
> public String substitute(int begin, int end, String newstring, String oldstring) {
> // replace a given range of characters in this.body with the newstring
> // begin is decremented one, so you can use the return from
> // String.substring without modification.
>
> // Correct for the braindead substring gotcha so string[0 to begin] does
> // not include the first character of the substring you want to replace.
> begin-- ;
>
> // Now get the piece before our range
> String beginning = oldstring.substring(0, begin) ;
> // And the piece after our range
> String ending = oldstring.substring(end, body.length()) ;
> // And concatenate them all together
> String results = beginning + newstring + ending ;
> return results ;
>
> // Yes, I probably should have used stringbuffers or something.
> }
>
> ___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
