This code looks like there is an if () { do x } else { do x }.
Don't you want to do something other than just an append if the char is '?
To solve the problem at hand, I would just use a PreparedStatement, using question
marks for the bindings, and then set the value. A ' will be safe then.
E.g.
PreparedStatement ps = conn.prepareStatement("INSERT INTO NAME (NAME, ID) VALUES (?, ?)");
// Set parameters and run the statement.
ps.setString(1, "Dion Almaer");
ps.setInt(2, 1);
ps.executeUpdate();
// Set parameters and run the statement again.
ps.setString(1, "Tim O'reilly");
ps.setInt(2, 2);
ps.executeUpdate();
Obviously, I am not doing any checking of the ps.executeUpdate(), or closing
the ps and conn as you would do.
Dion
> -----Original Message-----
> From: A mailing list for discussion about Sun Microsystem's Java Servlet
> API Technology. [mailto:[EMAIL PROTECTED]] On Behalf Of T.A. Flores
> Sent: Wednesday, April 04, 2001 4:02 PM
> To: [EMAIL PROTECTED]
> Subject: Re: how to escape apostrophe
>
>
> This question comes up very frequently - I posted code sometime back
> that is a sure fire fix to that problem -
>
>
> public String apQuote(String s) {
>     StringBuffer result = new StringBuffer();
>
>     for (int i = 0; i < s.length(); i++) {
>         char c = s.charAt(i);
>         if (c != 39) {
>             result.append(c);
>         } else {
>             result.append(c);
>         } //end if
>     }
>     String es = result.toString();
>     return es;
> }
>
>
> ----- Original Message -----
> From: Randy Troppmann <[EMAIL PROTECTED]>
> Date: Wednesday, April 4, 2001 2:22 pm
> Subject: how to escape apostrophe
>
> > Hello all,
> >
> > When I accept input from an HTML form, apostrophes (single quotes)
> > screw up my SQL query syntax. I tried to write a method that searched the
> > string and put an escape character in front, but this wouldn't work for me. I
> > ended up substituting the ' character with what I think is an accent grave `.
> >
> > Does anyone have a better idea?
> >
> > Thanks!
> > Randy Troppmann
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
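
Added example, not part of the original thread and not Dion's code: the same two inserts with the update count checked and the statement and connection closed, next to the string-concatenated form that fails on the apostrophe. It assumes an H2 in-memory database with its JDBC driver on the classpath; the class name, JDBC URL and table definition are assumptions made for the illustration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class ApostropheBinding {
    // Assumption: H2 in-memory database, driver on the classpath.
    static final String URL = "jdbc:h2:mem:demo";

    public static void main(String[] args) throws SQLException {
        String[] names = {"Dion Almaer", "Tim O'reilly"}; // constructed sample input
        try (Connection conn = DriverManager.getConnection(URL)) {
            try (Statement st = conn.createStatement()) {
                st.execute("CREATE TABLE NAME (NAME VARCHAR(64), ID INT PRIMARY KEY)");
                // Concatenation: the apostrophe closes the SQL string literal early,
                // the rest of the input is parsed as SQL, and the statement is rejected.
                try {
                    st.executeUpdate("INSERT INTO NAME (NAME, ID) VALUES ('" + names[1] + "', 99)");
                } catch (SQLException e) {
                    System.out.println("concatenated insert failed, SQLState " + e.getSQLState());
                }
            }
            // Binding: the value is sent as a parameter, never spliced into the SQL text.
            String sql = "INSERT INTO NAME (NAME, ID) VALUES (?, ?)";
            try (PreparedStatement ps = conn.prepareStatement(sql)) {
                for (int i = 0; i < names.length; i++) {
                    ps.setString(1, names[i]);
                    ps.setInt(2, i + 1);
                    if (ps.executeUpdate() != 1) {
                        throw new SQLException("expected one inserted row for ID " + (i + 1));
                    }
                }
            }
            try (PreparedStatement ps = conn.prepareStatement("SELECT NAME FROM NAME WHERE ID = ?")) {
                ps.setInt(1, 2);
                try (ResultSet rs = ps.executeQuery()) {
                    // The name comes back exactly as it was bound, apostrophe included.
                    if (rs.next()) System.out.println(rs.getString(1));
                }
            }
        }
    }
}
```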