The Artima Developer Community
Java Answers Forum
How to parse ', (, ) and other special characters

2 replies on 1 page. Most recent reply: Mar 5, 2004 9:16 AM by Charles Bell

Tuan

Posts: 1
Nickname: tjtee
Registered: Mar, 2004

How to parse ', (, ) and other special characters Posted: Mar 2, 2004 3:40 PM
I am doing a form post to get a description input from the user.


<INPUT class=inputText TYPE="text" NAME="f_description" MAXLENGTH="200" SIZE="40" VALUE="">

String l_description= request.getParameter("f_description");

String sqlInsert="INSERT INTO myTable (DESCRIPTION) VALUES('"+l_description +"')";

CM.executeUpdate (sqlInsert);


I am using an Oracle database. When the data entered consists of ', (, ) it will break the SQL statement. What can I do to solve this problem?

Thank you.


Viswanatha Basavalingappa

Posts: 84
Nickname: viswagb
Registered: Nov, 2003

Re: How to parse ', (, ) and other special characters Posted: Mar 3, 2004 7:58 AM
Hi,

Yes, it is a common problem everyone faces...

If you are inserting data which is like this:

"I'm going to office" ----> here you have a "'" single quote; this has to be replaced with "''" (single quote two times),
as below:


"I''m going to office".


Hope this helps you.
Viswa
---------

Charles Bell

Posts: 519
Nickname: charles
Registered: Feb, 2002

Re: How to parse ', (, ) and other special characters Posted: Mar 5, 2004 9:16 AM
Your code should be parsing the text input before executing an sql statement. The way you have it written, a clever hacker type could insert almost anything in there and screw up your database.

And when it happens the database administrator may be knocking on your door with some very bad news about your future employment with the company.
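
Added example, not part of the original thread or written by any of its posters: the insert from the question done with a JDBC PreparedStatement, so that ', ( and ) in f_description are bound as data and cannot change the statement. The class name DescriptionDao, its method names and the command-line connection arguments are assumptions made for illustration; a JDBC driver for the target database must be on the classpath.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class DescriptionDao {
    // Same limit as MAXLENGTH="200" on the form field. The HTML attribute is
    // only enforced by the browser, so the server checks it again.
    private static final int MAX_LEN = 200;

    // The ? is a bind placeholder: the value travels separately from the SQL
    // text, so quotes and parentheses in it are never parsed as SQL.
    private static final String INSERT_SQL =
            "INSERT INTO myTable (DESCRIPTION) VALUES (?)";

    // Hypothetical helper: reject missing or over-long input before the database sees it.
    static String validate(String raw) {
        if (raw == null) {
            throw new IllegalArgumentException("f_description is missing");
        }
        if (raw.length() > MAX_LEN) {
            throw new IllegalArgumentException("f_description exceeds " + MAX_LEN + " characters");
        }
        return raw;
    }

    // Hypothetical helper: stores one description and returns the number of rows inserted.
    static int insertDescription(Connection conn, String raw) throws SQLException {
        String description = validate(raw);
        try (PreparedStatement ps = conn.prepareStatement(INSERT_SQL)) {
            ps.setString(1, description); // no manual quote doubling needed
            return ps.executeUpdate();
        }
    }

    // Assumed usage: java DescriptionDao <jdbc-url> <user> <password>
    public static void main(String[] args) throws SQLException {
        // Constructed sample inputs containing the characters from the question.
        String[] samples = { "I'm going to office", "Cable (blue), 5' long" };
        try (Connection conn = DriverManager.getConnection(args[0], args[1], args[2])) {
            for (String s : samples) {
                System.out.println(insertDescription(conn, s) + " row stored: " + s);
            }
        }
    }
}
```

In the servlet from the question, the value returned by request.getParameter("f_description") would be passed as the second argument of insertDescription.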
