You could use a PreparedStatement, which automatically escapes single
quotes, I believe:
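String sqlStmt = "INSERT INTO table1 (col1) VALUES (?)";
PreparedStatement pstmt = con.prepareStatement(sqlStmt);
// Bind the value as a parameter; quotes inside it are not treated as SQL syntax
pstmt.setString(1, someStringWhichMightHaveQuotes);
// executeUpdate() is the call for INSERT/UPDATE/DELETE; executeQuery() is for SELECT
int rows = pstmt.executeUpdate();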
HTH,
-Sasha
On 10/24/03 09:42, "Manuel Lenz" <[EMAIL PROTECTED]> wrote:
>
> I create DB inserts from my Struts application.
> But if a user types in the sign ', any dynamically created inserts fail.
> This is because of the SQL syntax, which divides the string which will be
> saved with '.
>
> For example: insert into table test (name, number) values ('mr burns',
> '01723256477');
>
> How can I handle inserts in HTML forms which have the typed sign ' ?
>
> Greetings,
> Manuel
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
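
An added example, not part of the original thread: the string-built insert from the question next to a parameterized version of it. The table and column names come from the question's example; the class name, the sample input and the JDBC URL argument are assumptions.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class QuoteSafeInsert {

    // Table and column names follow the example in the question; adjust to the real schema.
    private static final String INSERT_SQL = "INSERT INTO test (name, number) VALUES (?, ?)";

    // What the string-built statement looks like: the user's quote ends the literal early.
    static String concatenated(String name, String number) {
        return "INSERT INTO test (name, number) VALUES ('" + name + "', '" + number + "')";
    }

    // Parameterized insert: values are bound as data rather than spliced into the SQL text.
    static int insert(Connection con, String name, String number) throws SQLException {
        try (PreparedStatement pstmt = con.prepareStatement(INSERT_SQL)) {
            pstmt.setString(1, name);
            pstmt.setString(2, number);
            return pstmt.executeUpdate(); // INSERT returns a row count, not a ResultSet
        }
    }

    public static void main(String[] args) throws SQLException {
        String name = "mr o'burns";        // constructed sample input containing a quote
        String number = "01723256477";

        // Three quotes around the name: the database sees 'mr o' followed by stray text.
        System.out.println("String-built: " + concatenated(name, number));

        if (args.length == 0) {
            System.out.println("Pass a JDBC URL as the first argument to run the insert.");
            return;
        }
        // args[0] is a JDBC URL for a database whose driver is on the classpath (assumption).
        try (Connection con = DriverManager.getConnection(args[0])) {
            System.out.println("Rows inserted: " + insert(con, name, number));
        }
    }
}
```

The same binding keeps form input from changing the structure of the statement, so it covers SQL injection as well as the stray-quote failure described in the question.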