
Problems of Quotations in SQL Syntax

 
Adnan Memon
Ranch Hand
Posts: 32
It's been a problem where we have to post data input by a user to databases. The user can put in any number of quotation marks, single or double. One proactive approach is to parse the input text before constructing the SQL query. I want to know: is there any well-known solution to it?
 
Paul Sturrock
Bartender
Posts: 10336
Eclipse IDE Hibernate Java
Yes. Use a PreparedStatement. This explicitly binds Strings to statement values, so you can chuck any number of characters at it that would cause problems in an ordinary statement, and it will correctly escape them.
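
As an added example (not code from either poster), the following shows the difference the reply describes: building the SQL string by concatenating user text versus binding the value to a placeholder. The thread is about JDBC, so the Java equivalent is `PreparedStatement.setString()`; this uses Python's stdlib `sqlite3` with an in-memory database so it runs offline. The `users` table, its three rows and the two inputs (`O'Brien` and `x' OR '1'='1`) are constructed for the demonstration.

```python
import sqlite3

# Constructed sample data standing in for "data input by a user to databases".
SAMPLE_USERS = [
    ("alice", "admin"),
    ("O'Brien", "user"),
    ("bob", "user"),
]


def make_db():
    """In-memory SQLite database populated with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT NOT NULL, role TEXT NOT NULL)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def find_role_concat(conn, name):
    """The approach the question worries about: pasting user text into the SQL string.
    A single quote in the input terminates the literal early, so the input either breaks
    the query or changes what it means."""
    sql = "SELECT role FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_role_bound(conn, name):
    """The reply's approach: the statement text is fixed and the value is bound to a
    placeholder, so quotes inside the value are data, never syntax. sqlite3's '?'
    placeholder plays the same role as a JDBC PreparedStatement's setString()."""
    sql = "SELECT role FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def demo():
    """Run both approaches against a legitimate apostrophe and a hostile tautology."""
    conn = make_db()
    results = {}
    # Legitimate input that happens to contain an apostrophe.
    results["bound_apostrophe"] = find_role_bound(conn, "O'Brien")
    try:
        results["concat_apostrophe"] = find_role_concat(conn, "O'Brien")
    except sqlite3.OperationalError as exc:
        # The concatenated statement is malformed: ... WHERE name = 'O'Brien'
        results["concat_apostrophe"] = f"error: {exc}"
    # Hostile input: the classic tautology. Concatenated, it returns every row;
    # bound, it is matched literally against the name column and finds nothing.
    hostile = "x' OR '1'='1"
    results["concat_hostile"] = find_role_concat(conn, hostile)
    results["bound_hostile"] = find_role_bound(conn, hostile)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running it shows the concatenated query erroring on `O'Brien` and returning all three roles for the tautology, while the bound version returns `['user']` for `O'Brien` and nothing for the hostile string. Note that no parsing or escaping of the input was needed; the driver never splices the value into the statement text at all.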
 