Hello,
I am creating insert and update SQLs in my servlet from a data entry HTML form.
However the user may enter values like "isn't" which messes up my
SQL statements.
I need to replace each occurrence of "'" (single quote) with "''" (two
single quotes).
I have added the following code to escape the special characters:
// escape special characters: double every single quote in character fields.
// The helper below drops the original "pos <= len" bound: len was measured
// before the loop, but the string grows by one for every quote inserted, so
// a value such as "'''" left its last quote unescaped. indexOf() returning -1
// is the only stop condition needed.
static String escapeSingleQuotes(String value)
{
    int pos = 0;
    while ((pos = value.indexOf("'", pos)) != -1)
    {
        // insert a second quote in front of the one just found
        value = value.substring(0, pos) + "'" + value.substring(pos);
        pos = pos + 2; // skip past the pair so it is not matched again
    }
    return value;
}

// call site, inside the loop over the form fields
if (form_field_data_type[i].compareTo("C") == 0)
{
    String escaped = escapeSingleQuotes(value);
    if (!escaped.equals(value))
    {
        form_field_value[i] = escaped;
    }
}
Is there any easier way to achieve this? I understand that I can use a
prepared statement which handles all these for me, but that would require a lot
of changes in my code!!
thanks,
Saurabh
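An added example (not the poster's code) of the PreparedStatement route mentioned at the end of the message: the table and column names are assumed to come from the servlet's own fixed configuration rather than from the form, since "?" placeholders bind values but not identifiers, and a java.sql.Connection is assumed to be supplied by the container.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class FormInsert {

    // Builds "INSERT INTO t (c1, c2) VALUES (?, ?)" from a column list that is
    // fixed in code; user-entered values never touch the statement text.
    static String buildInsertTemplate(String table, String[] columns) {
        StringBuilder sql = new StringBuilder("INSERT INTO ").append(table).append(" (");
        StringBuilder marks = new StringBuilder();
        for (int i = 0; i < columns.length; i++) {
            if (i > 0) { sql.append(", "); marks.append(", "); }
            sql.append(columns[i]);
            marks.append("?");
        }
        return sql.append(") VALUES (").append(marks).append(")").toString();
    }

    // Binds every form value as a parameter. The JDBC driver handles quoting,
    // so "isn't" (or any other input) cannot alter the statement. Numeric
    // fields can use setInt()/setObject() instead of setString().
    static int insertFormRow(Connection conn, String table, String[] columns,
                             String[] formFieldValue) throws SQLException {
        String sql = buildInsertTemplate(table, columns);
        PreparedStatement ps = conn.prepareStatement(sql);
        try {
            for (int i = 0; i < formFieldValue.length; i++) {
                ps.setString(i + 1, formFieldValue[i]); // JDBC parameters are 1-based
            }
            return ps.executeUpdate();
        } finally {
            ps.close();
        }
    }

    public static void main(String[] args) {
        // Constructed sample: the column list is fixed in code, the values
        // mimic what a user might type into the form.
        String[] columns = { "name", "comment" };
        String[] values = { "O'Brien", "isn't this easier?" };
        System.out.println(buildInsertTemplate("guestbook", columns));
        // With a live Connection from the container:
        // insertFormRow(conn, "guestbook", columns, values);
    }
}
```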
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html