
\' postrophy problem

 
Mark Antone
Greenhorn
Posts: 4
Hello everybody, I have a problem with SQL syntax:
The problem is I have a JSP page that accepts parameters and puts them in strings like this:

String Question = request.getParameter("QuestionsD");

and this question can have any character, including special characters, like this

What is # your age $?

This will be entered into the database successfully, but when my question has ' like

what's your age? I face an error in SQL syntax:

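// connection is assumed to be an open java.sql.Connection
Statement s = connection.createStatement();
// the parameter value is concatenated straight into the SQL text
int rows = s.executeUpdate("insert into tablename(questionDetail) values"+"('"+Question+"')");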

the error is
SQL syntax in 's your and bla blah...
 
Paul Sturrock
Bartender
Posts: 10336
Use a PreparedStatement, rather than a Statement and you won't have that problem.
[ April 05, 2006: Message edited by: Paul Sturrock ]
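
The difference between the two approaches, as an added example that is not part of the original posts: the concatenated insert from the question fails on the apostrophe because the value becomes part of the SQL text (the same property that makes such code open to SQL injection), while the PreparedStatement binds it as data. The class name, the method names and the H2 in-memory JDBC URL are assumptions; the table, column and sample questions are the ones from the thread.

```java
import java.sql.*;

public class ApostropheDemo {
    // Assumption: the H2 driver is on the classpath; any JDBC URL can be used instead.
    static final String URL = "jdbc:h2:mem:demo";

    // Pattern from the question: the value is pasted into the SQL text.
    static void insertConcatenated(Connection c, String question) throws SQLException {
        try (Statement s = c.createStatement()) {
            s.executeUpdate("insert into tablename(questionDetail) values ('" + question + "')");
        }
    }

    // Suggested fix: the SQL text is constant and the value is bound as a parameter.
    static void insertPrepared(Connection c, String question) throws SQLException {
        String sql = "insert into tablename(questionDetail) values (?)";
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, question);
            ps.executeUpdate();
        }
    }

    public static void main(String[] args) throws SQLException {
        String[] samples = { "What is # your age $?", "what's your age?" }; // from the thread
        try (Connection c = DriverManager.getConnection(URL)) {
            try (Statement s = c.createStatement()) {
                s.executeUpdate("create table tablename(questionDetail varchar(255))");
            }
            for (String q : samples) {
                try {
                    insertConcatenated(c, q);
                    System.out.println("concatenated ok:   " + q);
                } catch (SQLException e) {
                    // The apostrophe closes the string literal early, so the parser rejects the rest.
                    System.out.println("concatenated FAIL: " + q + " -> " + e.getMessage());
                }
                insertPrepared(c, q);
                System.out.println("prepared ok:       " + q);
            }
            try (Statement s = c.createStatement();
                 ResultSet rs = s.executeQuery("select count(*) from tablename")) {
                rs.next();
                System.out.println("rows stored: " + rs.getInt(1));
            }
        }
    }
}
```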
 
Stan James
(instanceof Sidekick)
Ranch Hand
Posts: 8791
Prepared statement is my favorite answer for many reasons, but if you have some reason you can't do that, see the StringEscapeUtils
 