While many creative ideas and questions surrounding them have 'grown' from this
topic, I think that we need to come back to the basics here. All that Randy
wants to accomplish is to stop the user from crashing the code by entering an
apostrophe (or any other dangerous character).
For any user input that I take I always pass it through the URLEncoder class.
When I need to retrieve it I just pass it through the URLDecoder class. This was
originally meant to encode URLs to fit the URL standard, which takes out almost
any offending escape character.
Ex.
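import java.net.URLEncoder;
// Read the raw form value, then URL-encode it before it is used
String input = request.getParameter("parameterX");
String encodedInput = URLEncoder.encode(input);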
This has been one of the simplest yet most helpful additions I have ever made
to my sites. While it may render some raw SQL selects from the database a
little messy to read I think it's worth it. Plus for most user input if they
don't enter any special characters nothing gets encoded and the encoded output
is just the same as the input.
Hope that this helps,
Matt Penner
Quoting "T.A. Flores" <[EMAIL PROTECTED]>:
> FYI - keep posts below 300 lines or they will be rejected. Now back to
> our regularly sponsored programming. . . .
>
> Stephen we'd all like to be right . . .
>
> Hmmm - not quite sure and at this point I won't be able to find out
> because I am no longer with the company where I had this problem. Not
.
.
.
> > > ----- Original Message -----
> > > From: Randy Troppmann <[EMAIL PROTECTED]>
> > > Date: Wednesday, April 4, 2001 2:22 pm
> > > Subject: how to escape apostrophe
> > >
> > > > Hello all,
> > > >
> > > > When I accept input from an HTML form, apostrophes (single quotes)
> > > > screw up my SQL query syntax. I tried to write a method that searched
> > > > the string and put an escape character in front, but this wouldn't
> > > > work for me. I ended up substituting the ' character with what I think
> > > > is an accent grave `.
> > > >
> > > > Does anyone have a better idea?
> > > >
> > > > Thanks!
> > > > Randy Troppmann
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
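
An added example, not part of the original thread: the apostrophe problem from Randy's question handled by binding the form value as a JDBC PreparedStatement parameter, next to a helper showing the form in which a value is stored under the URLEncoder approach. The table `guestbook`, its columns `author` and `comment`, and the class and method names are hypothetical; the caller supplies the `Connection`, and `URLEncoder.encode(String, Charset)` needs Java 10 or later.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class ApostropheInput {

    // The raw value is bound as a parameter, so the driver sends it as data
    // and an apostrophe cannot end the SQL string literal.
    // Table and column names are hypothetical.
    static void insertComment(Connection conn, String author, String comment)
            throws SQLException {
        String sql = "INSERT INTO guestbook (author, comment) VALUES (?, ?)";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, author);
            ps.setString(2, comment);
            ps.executeUpdate();
        }
    }

    // Lookups bind the same way; the stored value is the original text,
    // so equality and LIKE comparisons work on what the user typed.
    static int countByAuthor(Connection conn, String author) throws SQLException {
        String sql = "SELECT COUNT(*) FROM guestbook WHERE author = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, author);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    // The form a value takes when stored URL-encoded, for comparison.
    static String encodedForm(String raw) {
        return URLEncoder.encode(raw, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        String raw = "O'Brien & sons"; // constructed sample input
        String enc = encodedForm(raw);
        System.out.println("stored if URL-encoded: " + enc);
        System.out.println("round trip intact: "
                + URLDecoder.decode(enc, StandardCharsets.UTF_8).equals(raw));
    }
}
```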