Hey!
Martin's advice below is the best. All the other that came before is crap.
Their solutions may not be portable from db to db.
Why are so many afraid to use the prepared statment.
Jennifer, even though you called this a Servlet Bug, it is not.
Please do not post off-topic questions to this SERVLET-INTEREST list.
Please let's drop this thread.
Sans adieu,
Danny Rubis
Martin Cooper wrote:
> Your "database" code looks a little odd. It seems more like you're using a
> CSV file than a real database, except that you're using JDBC to access it.
> Is there a reason you're combining everything into one database column,
> instead of having a column for each value?
>
> In any case, the way to avoid the type of quoting problem you're seeing is
> to use prepared statements (java.sql.PreparedStatement) instead of building
> the string yourself.
>
> --
> Martin Cooper
> Tumbleweed Communications
>
> ----- Original Message -----
> From: "Jennifer Feeney" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, February 08, 2001 5:56 PM
> Subject: Servlet Bug!!
>
> > Hi all,
> >
> > Once again, thanks to anyone that can offer any help or advise on
> > this one!
> >
> > I have found a bug in my servlet......
> >
> > Description:
> > ========================================================
> > I have a servlet developed that allows users to register for
> > a service, it all works great, except for one thing, if a person
> > enters a Surname of the O'Rourke, O'Reilly, type I get the following
> > message........
> >
> > java.sql>SQLException:Syntax Error(Missing Operator) in expression
> > Query.
> >
> > I know what causes the error, its the " ' " character that messes
> > up my InsertIntoDB query......
> >
> > The code snippet below is what I am using, can anyone tell me how i
> > could modify it to allow surnames of this type to be accepted and not
> > generate an error.
> >
> > Code Snippet:
> > ================================================================
> >
> > boolean success = insertIntoDB(
> > "'" + email + "','" + firstName + "','" + lastName + "','" +
> > telNo + "','" + address1 + "','" + address2 +
> > "','" + county + "','" + country + "','" +
> > (String.valueOf(IdNo)) + "','" + password + "'");
> > ================================================================
> > End Code:
> >
> > Ps I tried the archives, but the server is down.....
> >
> > Thanks again to anyone that may be able to help.
> >
> > Regards,
> > Jennifer
> >
> > _____________________________________
> >
> > Get your free E-mail at http://www.ireland.com
> >
> >
> ___________________________________________________________________________
> > To unsubscribe, send email to [EMAIL PROTECTED] and include in the
> body
> > of the message "signoff SERVLET-INTEREST".
> >
> > Archives: http://archives.java.sun.com/archives/servlet-interest.html
> > Resources: http://java.sun.com/products/servlet/external-resources.html
> > LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>
> ___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
