
\' postrophy problem

 
Mark Antone
Greenhorn
Posts: 4
Hello everybody, I have a problem in SQL syntax:
the problem is I have a JSP page that accepts parameters and puts them in strings like this:

String Question = request.getParameter("QuestionsD");

and this question can have any character, including special characters like this

What is # your age $?

this will be entered into the database successfully, but when my question has ' like

what's your age?

I face an error in SQL syntax:

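Statement s = connection.createStatement(); // connection: an open java.sql.Connection (assumed, not shown in the post)
// Question is concatenated into the SQL text, so a ' inside it ends the string literal early
int rows = s.executeUpdate("insert into tablename(questionDetail) values" + "('" + Question + "')");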

the error is
SQL syntax in 's your and bla blah...
 
Paul Sturrock
Bartender
Posts: 10336
Use a PreparedStatement, rather than a Statement and you won't have that problem.
[ April 05, 2006: Message edited by: Paul Sturrock ]
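
The fix suggested above, as an added example that is not part of the original thread: the concatenated statement from the question next to a PreparedStatement version. The class name QuestionInsert, the helper method names and the JDBC URL argument are assumptions; the table and column names come from the question.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class QuestionInsert {

    // Table and column names are the ones used in the question.
    static final String INSERT_SQL =
        "insert into tablename(questionDetail) values (?)";

    // The pattern from the question: user text is pasted into the SQL string,
    // so a ' inside it closes the string literal early.
    static String concatenatedSql(String question) {
        return "insert into tablename(questionDetail) values" + "('" + question + "')";
    }

    // Parameterized form: the SQL text is fixed and the value is bound
    // separately, so the question text is never parsed as SQL.
    static int insertQuestion(Connection conn, String question) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(INSERT_SQL)) {
            ps.setString(1, question);
            return ps.executeUpdate(); // number of rows inserted
        }
    }

    public static void main(String[] args) throws SQLException {
        // Sample inputs taken from the question.
        String[] samples = { "What is # your age $?", "what's your age?" };

        for (String q : samples) {
            System.out.println("concatenated: " + concatenatedSql(q));
            System.out.println("prepared:     " + INSERT_SQL + "   [param 1 = " + q + "]");
        }

        // Optional: pass a JDBC URL (placeholder, depends on your database and
        // driver) as the first argument to run the inserts against a real table.
        if (args.length > 0) {
            try (Connection conn = DriverManager.getConnection(args[0])) {
                for (String q : samples) {
                    System.out.println("rows inserted: " + insertQuestion(conn, q));
                }
            }
        }
    }
}
```

In the JSP, the value returned by `request.getParameter("QuestionsD")` would be passed as the `question` argument.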
 
Stan James
(instanceof Sidekick)
Ranch Hand
Posts: 8791
Prepared statement is my favorite answer for many reasons, but if you have some reason you can't do that, see the StringEscapeUtils
 