Follow something like this : public static String transformDatabaseStatement(String statement) { String sqlStatement = ""; if (statement.indexOf("'") > 0) { sqlStatement = statement.replaceAll("'", "''"); } else { sqlStatement = statement; } return sqlStatement; }
Then call this method when passing your values to your insert method. José Gustavo Zagato Rosa System Analyst - Atos Origin [EMAIL PROTECTED] -----Original Message----- From: Manuel Lenz [mailto:[EMAIL PROTECTED] Sent: sexta-feira, 24 de outubro de 2003 11:43 To: Struts Users Mailing List Subject: far reaching db question I create DB-Inserts from my struts application. But If an user types in the sign ' any dynamicly created inserts fail. This ist because of the sql-syntax which divides the string which will be saved with '. For example: insert into table test (name, number) values ('mr burns', '01723256477'); How can I handle inserts in html-formulars which have the typed sign ' ? Greetings, Manuel --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]