The Artima Developer Community
Legacy Java Answers Forum
April 2000

This page contains an archived post to the Java Answers Forum made prior to February 25, 2002. If you wish to participate in discussions, please visit the new Artima Forums.

Message:

Try using a PreparedStatement instead of Statement

Posted by Jeff Kinsey on August 26, 2000 at 5:45 PM

> I created a servlet application. Whenever the user enters any string with single quotes, it throws a sql exception. How do I parse the string to take care of the quotes?


I have experienced the same problem and was able to get around
it using the PreparedStatement.

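// The value is bound to the ? placeholder, so quotes in someString need no escaping.
PreparedStatement ps = conn.prepareStatement("select * from table where var = ?");
ps.setObject(1, someString);
ResultSet rs = ps.executeQuery();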
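
The difference the reply relies on, shown as an added example that is not part of the original post: the same lookup written with string concatenation and with a bound parameter. Splicing the value into the SQL text lets a single quote change the structure of the statement, which is the same flaw that makes SQL injection possible; binding keeps the value as data. Assumptions: an H2 in-memory JDBC driver is on the classpath, and the class name, the `users` table and the sample values are constructed for illustration.

```java
import java.sql.*;

public class QuoteSafeLookup {
    // Unsafe: the value becomes part of the SQL text, so a single quote
    // inside it terminates the string literal early.
    static int countConcatenated(Connection conn, String name) throws SQLException {
        String sql = "select count(*) from users where name = '" + name + "'";
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            rs.next();
            return rs.getInt(1);
        }
    }

    // Safe: the SQL text is fixed and the value is sent as a bound parameter.
    static int countPrepared(Connection conn, String name) throws SQLException {
        String sql = "select count(*) from users where name = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: H2 in-memory database; other JDBC drivers behave the same way here.
        try (Connection conn = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement st = conn.createStatement()) {
                st.execute("create table users (name varchar(64))");
            }
            try (PreparedStatement ins = conn.prepareStatement("insert into users values (?)")) {
                for (String n : new String[] {"O'Brien", "Smith"}) { // constructed rows
                    ins.setString(1, n);
                    ins.executeUpdate();
                }
            }
            for (String input : new String[] {"Smith", "O'Brien"}) { // constructed inputs
                String concatenated;
                try {
                    concatenated = String.valueOf(countConcatenated(conn, input));
                } catch (SQLException e) {
                    concatenated = "SQLException"; // the symptom described in the question
                }
                System.out.println(input + " -> concatenated: " + concatenated
                        + ", prepared: " + countPrepared(conn, input));
            }
        }
    }
}
```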



