I use prepared statements, which escape the text for me ;-) I've seen other people use utilities to escape the text, but this is not something that is provided by the framework. Struts is model neutral.

-- Ted Husted, Husted dot Com, Fairport NY USA.
-- Custom Software ~ Technical Services.
-- Tel +1 716 737-3463
-- http://www.husted.com/struts/

[EMAIL PROTECTED] wrote:
>
> Hi Ladies and Gentlemen
>
> I want to insert data into a database. I have the database connection
> set up and in the case of data without special characters the insert
> works fine.
> However, the data is coming from a form on a html page and the user can
> insert special characters, in particular characters like
>
> \
> '
>
> cause a problem when I try and insert into the database since they are not
> escaped when I construct the query which is put into the database. Does
> Struts provide function/s which can help with inserting text from a html
> form into a database.
> How do other people handle this situation?
>
> Cheers
>
> Tony
>
> --
> To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
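
The prepared-statement approach from the reply above, next to the concatenated query from the question, as an added example that is not part of the original thread. The class and method names, the comments table, the sample form input and the JDBC URL passed as the first argument are assumptions; a JDBC driver for your database must be on the classpath.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class FormInsertExample {
    // Concatenation, as in the question: a ' in the value ends the SQL
    // string literal early, so the statement no longer parses as intended.
    static String concatenatedSql(String author, String body) {
        return "INSERT INTO comments (author, body) VALUES ('"
                + author + "', '" + body + "')";
    }

    // Prepared statement: the SQL text is fixed and the values are bound
    // as parameters, so ' and \ are stored as ordinary data.
    static void insertComment(Connection conn, String author, String body)
            throws SQLException {
        String sql = "INSERT INTO comments (author, body) VALUES (?, ?)";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, author);
            ps.setString(2, body);
            ps.executeUpdate();
        }
    }

    public static void main(String[] args) throws SQLException {
        // Constructed form input containing both problem characters.
        String author = "Pat O'Brien";
        String body = "Saved to C:\\temp and it's done";
        System.out.println("Concatenated (broken): " + concatenatedSql(author, body));

        // args[0] is the JDBC URL of your database (assumption, hypothetical table).
        try (Connection conn = DriverManager.getConnection(args[0])) {
            try (Statement st = conn.createStatement()) {
                st.executeUpdate("CREATE TABLE comments (author VARCHAR(100), body VARCHAR(400))");
            }
            insertComment(conn, author, body);
            try (Statement st = conn.createStatement();
                 ResultSet rs = st.executeQuery("SELECT author, body FROM comments")) {
                while (rs.next()) {
                    System.out.println(rs.getString(1) + " | " + rs.getString(2));
                }
            }
        }
    }
}
```

In a Struts application the same insertComment call would sit in the business or data-access layer that the Action invokes, with the values taken from the ActionForm.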

