Best practice is to USE a DAO, like iBatis or Hibernate, thus not having to code to a low-level API, but just the application itself, and use persistence, as opposed to bit twiddling. Take a look at the DB Layer PDF on iBatis.com.
.V
Sasha Borodin wrote:
You could use a PreparedStatement, which automatically escapes single quotes, I believe:
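String sqlStmt = "INSERT INTO table1 (col1) VALUES (?)";
PreparedStatement pstmt = con.prepareStatement(sqlStmt);
pstmt.setString(1, someStringWhichMightHaveQuotes);
// An INSERT returns an update count, not a ResultSet, so call executeUpdate()
int rows = pstmt.executeUpdate();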
HTH,
-Sasha
On 10/24/03 09:42, "Manuel Lenz" <[EMAIL PROTECTED]> wrote:
I create DB inserts from my Struts application. But if a user types in the sign ', any dynamically created inserts fail. This is because of the SQL syntax, which delimits the string to be saved with '.
For example: insert into table test (name, number) values ('mr burns', '01723256477');
How can I handle inserts from HTML forms which contain the typed sign ' ?
Greetings, Manuel
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- Victor Cekvenich, Struts Instructor (215) 321-9146
Advanced Struts Training <http://basebeans.com/do/cmsPg?content=TRAINING> Server Side Java training with Rich UI, mentoring, designs, samples and project recovery in North East. Simple best practice basic Portal, a Struts CMS, Membership, Forums, Shopping and Credit processing, <http://basicportal.com> software, ready to develop/customize; requires a db to run.
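Added example, not part of the original thread or of any poster's code: the string-built insert from the question next to the bound-parameter form suggested in the reply, run against the same input containing a single quote. The contacts table, its columns, the class and method names, and the JDBC URL taken from args[0] are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class QuoteSafeInsert {

    // Fragile form: user input is spliced into the SQL text, so a ' in the
    // value ends the string literal early and changes the statement.
    static int insertConcatenated(Connection con, String name, String phone) throws SQLException {
        String sql = "INSERT INTO contacts (name, phone) VALUES ('" + name + "', '" + phone + "')";
        try (Statement st = con.createStatement()) {
            return st.executeUpdate(sql);
        }
    }

    // Bound form: the SQL text is fixed and the values travel as parameters,
    // so quotes in the input are stored as data and never parsed as SQL.
    static int insertBound(Connection con, String name, String phone) throws SQLException {
        String sql = "INSERT INTO contacts (name, phone) VALUES (?, ?)";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, name);
            ps.setString(2, phone);
            return ps.executeUpdate(); // executeUpdate, not executeQuery, for an INSERT
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: args[0] is a JDBC URL for a scratch database whose driver is on the classpath.
        try (Connection con = DriverManager.getConnection(args[0])) {
            try (Statement st = con.createStatement()) {
                st.executeUpdate("CREATE TABLE contacts (name VARCHAR(64), phone VARCHAR(32))");
            }
            String name = "Mr O'Brien"; // constructed sample input containing a single quote
            try {
                insertConcatenated(con, name, "01723256477");
            } catch (SQLException e) {
                System.out.println("concatenated insert failed: " + e.getMessage());
            }
            System.out.println("bound insert rows: " + insertBound(con, name, "01723256477"));
            try (Statement st = con.createStatement();
                 ResultSet rs = st.executeQuery("SELECT name FROM contacts")) {
                while (rs.next()) System.out.println("stored: " + rs.getString(1));
            }
        }
    }
}
```

The concatenated call fails with a syntax error on this input, while the bound call stores the name unchanged, quote included.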