I think you're wrong on this one. I've used PreparedStatements many many
times for this exact problem and it works great. Check your implementation.
"T.A. Flores" <[EMAIL PROTECTED]>
Sent by: "A mailing list for discussion about Sun Microsystem's Java Servlet API Technology." <[EMAIL PROTECTED]>
04/04/01 04:05 PM
Any replies will be addressed to: "A mailing list for discussion about Sun Microsystem's Java Servlet API Technology."
To: [EMAIL PROTECTED]
cc:
Subject: Re: how to escape apostrophe
I've personally done the prepared statement bit. Not sure if it was my
implementation, although I doubt it, but it didn't work to solve this
type of problem.
Now, I'm not saying not to use prepared statements; on the contrary.
However, what I am saying is: escape that single quote before that string
gets to the prepared statement. Moreover, a prepared statement is only a
parameterized statement, not a save-all. Since the original poster is
potentially receiving single quotes in unknown quantities or locations,
this works just fine.
I've been known to be wrong on occasion, so if you still think I'm
wrong - tell you what, just for grins and giggles, give it a try and
let me know...
IMHO, this has been the best way to solve this particular problem.
----- Original Message -----
From: Dion Almaer <[EMAIL PROTECTED]>
Date: Wednesday, April 4, 2001 4:07 pm
Subject: Re: how to escape apostrophe
> This code looks like there is an if () { do x } else { do x }.
> Don't you want to do something other than just an append if the
> char is '?
>
> To solve the problem at hand, I would just use a
> PreparedStatement, using
> question
> marks for the bindings, and then set the value. A ' will be safe
> then.
> E.g.
>
> PreparedStatement ps = conn.prepareStatement(
>     "INSERT INTO NAME (NAME, ID) VALUES (?, ?)");
>
> // Set parameters and run the statement.
> ps.setString(1, "Dion Almaer");
> ps.setInt(2, 1);
> ps.executeUpdate();
>
> // Set parameters and run the statement again.
> ps.setString(1, "Tim O'reilly");
> ps.setInt(2, 2);
> ps.executeUpdate();
>
> Obviously, I am not doing any checking of the ps.executeUpdate(),
> or closing
> the ps and conn as you would do.
>
> Dion
>
>
>
> > -----Original Message-----
> > From: A mailing list for discussion about Sun Microsystem's Java
> > Servlet API Technology. [mailto:[EMAIL PROTECTED]] On Behalf Of T.A. Flores
> > Sent: Wednesday, April 04, 2001 4:02 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: how to escape apostrophe
> >
> >
> > This question comes up very frequently - I posted code some time back
> > that is a sure-fire fix to that problem -
> >
> >
> > public String apQuote(String s) {
> >     StringBuffer result = new StringBuffer();
> >
> >     for (int i = 0; i < s.length(); i++) {
> >         char c = s.charAt(i);
> >         if (c != 39) {          // 39 is the character code of '
> >             result.append(c);
> >         } else {
> >             result.append(c);   // same append as the other branch
> >         } // end if
> >     }
> >     String es = result.toString();
> >     return es;
> > }
> >
> >
> > ----- Original Message -----
> > From: Randy Troppmann <[EMAIL PROTECTED]>
> > Date: Wednesday, April 4, 2001 2:22 pm
> > Subject: how to escape apostrophe
> >
> > > Hello all,
> > >
> > > When I accept input from an HTML form, apostrophes (single quotes)
> > > screw up my SQL query syntax. I tried to write a method that searched
> > > the string and put an escape character in front, but this wouldn't
> > > work for me. I ended up substituting the ' character with what I think
> > > is an accent grave `.
> > >
> > > Does anyone have a better idea?
> > >
> > > Thanks!
> > > Randy Troppmann
> > >
> > >
> >
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
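As an added example (not code from the thread; the JDBC snippet and apQuote above are Dion's and T.A. Flores's), the three approaches discussed here side by side: raw concatenation, manual escaping by doubling the quote, and parameter binding. It uses Python's sqlite3 module with an in-memory table as a stand-in for the JDBC connection and PreparedStatement so it runs offline; the `people` table, the `ap_quote` helper and the sample values (Dion's "Tim O'reilly" plus a constructed lookup value that contains a quote) are the example's own. Beyond the thread's immediate question it also shows why binding matters: a concatenated statement doesn't merely fail to parse on an apostrophe, it lets the value rewrite the statement, whereas a bound parameter is never parsed as SQL.

```python
import sqlite3

# Constructed sample values (only the first name comes from Dion's message).
SAMPLE_NAME = "Tim O'reilly"
# A lookup value whose apostrophe closes the string literal early.
SAMPLE_LOOKUP = "' OR '1'='1"


def setup():
    """In-memory table standing in for the NAME table in Dion's JDBC example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE people (name TEXT, id INTEGER)")
    return conn


def ap_quote(s):
    """Escape a value for use inside a SQL single-quoted literal.

    The portable escape for ' inside a string literal is to double it ('');
    a backslash escape is a MySQL extension, and swapping the apostrophe for
    an accent grave (as the original poster did) silently changes the data.
    """
    return s.replace("'", "''")


def insert_concatenated(conn, name, ident):
    """The pattern from the original question: splice the raw value into the SQL text."""
    sql = "INSERT INTO people (name, id) VALUES ('" + name + "', " + str(ident) + ")"
    conn.execute(sql)


def insert_escaped(conn, name, ident):
    """Same splice, but with the value passed through ap_quote first."""
    sql = "INSERT INTO people (name, id) VALUES ('" + ap_quote(name) + "', " + str(ident) + ")"
    conn.execute(sql)


def insert_bound(conn, name, ident):
    """Parameter binding: the DB-API counterpart of PreparedStatement.setString/setInt."""
    conn.execute("INSERT INTO people (name, id) VALUES (?, ?)", (name, ident))


def find_concatenated(conn, name):
    """Lookup with the value spliced into the WHERE clause."""
    sql = "SELECT name FROM people WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_bound(conn, name):
    """Lookup with the value bound as a parameter; the value is data, never SQL."""
    return [row[0] for row in conn.execute("SELECT name FROM people WHERE name = ?", (name,))]


def demo():
    """Run all three approaches against the same input and report what happened."""
    conn = setup()
    results = {}

    # 1. Raw concatenation: the apostrophe in O'reilly terminates the literal
    #    and the statement fails to parse.
    try:
        insert_concatenated(conn, SAMPLE_NAME, 1)
        results["concat_insert"] = "ok"
    except sqlite3.Error:
        results["concat_insert"] = "error"

    # 2. Doubling the quote, and 3. parameter binding: both store the apostrophe intact.
    insert_escaped(conn, SAMPLE_NAME, 2)
    insert_bound(conn, SAMPLE_NAME, 3)
    results["stored"] = [row[0] for row in conn.execute("SELECT name FROM people ORDER BY id")]

    # A lookup value containing a quote: concatenation lets it rewrite the
    # WHERE clause (it matches every row); the bound version matches nothing.
    results["concat_lookup"] = find_concatenated(conn, SAMPLE_LOOKUP)
    results["bound_lookup"] = find_bound(conn, SAMPLE_LOOKUP)
    results["bound_lookup_real"] = find_bound(conn, SAMPLE_NAME)
    conn.close()
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

Both the escaped insert and the bound insert store the apostrophe unchanged, which is the result the original poster wanted; the difference shows up in the lookups, where only the bound query treats the whole value as a string to compare rather than as text to parse.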