Follow something like this :
public static String transformDatabaseStatement(String statement) {
String sqlStatement = "";
if (statement.indexOf("'") > 0) {
sqlStatement = statement.replaceAll("'", "''");
} else {
sqlStatement = statement;
}
return sqlStatement;
}
Then call this method when passing your values to your insert method.
José Gustavo Zagato Rosa
System Analyst - Atos Origin
[EMAIL PROTECTED]
-----Original Message-----
From: Manuel Lenz [mailto:[EMAIL PROTECTED]
Sent: sexta-feira, 24 de outubro de 2003 11:43
To: Struts Users Mailing List
Subject: far reaching db question
I create DB-Inserts from my struts application.
But If an user types in the sign ' any dynamicly created inserts fail.
This ist because of the sql-syntax which divides the string which will
be
saved with '.
For example: insert into table test (name, number) values ('mr burns',
'01723256477');
How can I handle inserts in html-formulars which have the typed sign ' ?
Greetings,
Manuel
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
