How you guys treat the " or ' fields inputs?

 
Ranch Hand
Posts: 139
For a form field, if users input " or ', we will have trouble when storing them into the database. What is the standard way to solve these cases?
For me, the only solution I can think of is to read every field's input and, if it has a ' or " character, replace it with \' or \", isn't it? I wonder if we have a better way of dealing with that.
 
Greenhorn
Posts: 19
" doesn't cause any problem if you store it in the database. The only problem is with the single quote '. If you are preparing a SQL query with the form submission values, you need to escape the single quote by adding another single quote.
If you have the option of PreparedStatement, you need not worry about escaping these quotes. PreparedStatement automatically takes care of special characters.
For escaping the single quotes, the best way is to write a small function and append another single quote.
 
Rancher
Posts: 13459
Even easier if you use a PreparedStatement to insert the data rather than a Statement - you don't have to do anything at all.
The PreparedStatement will manage escaping special characters for you.
Dave
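A worked illustration of the points in the two replies above, added here and not part of any post: it uses Python's built-in sqlite3 module, with the `?` placeholder standing in for JDBC's PreparedStatement, and a constructed sample value containing both kinds of quote. It also checks the backslash escaping proposed in the first post, which standard SQL (and SQLite) does not recognise.

```python
import sqlite3


def escape_single_quotes(value: str) -> str:
    """Escaping the way the reply suggests: double every single quote.
    Only valid inside a single-quoted SQL string literal, nowhere else."""
    return value.replace("'", "''")


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT NOT NULL)")
    return conn


def insert_concatenated(conn: sqlite3.Connection, name: str) -> None:
    # Value pasted straight into the statement text: a ' ends the literal early.
    conn.execute("INSERT INTO users (name) VALUES ('" + name + "')")


def insert_backslash_escaped(conn: sqlite3.Connection, name: str) -> None:
    # The first post's idea (\' and \"). Backslash is not an escape in
    # standard SQL or SQLite, so the quote still terminates the literal.
    conn.execute("INSERT INTO users (name) VALUES ('" + name.replace("'", "\\'") + "')")


def insert_escaped(conn: sqlite3.Connection, name: str) -> None:
    conn.execute("INSERT INTO users (name) VALUES ('" + escape_single_quotes(name) + "')")


def insert_parameterized(conn: sqlite3.Connection, name: str) -> None:
    # PreparedStatement equivalent: the value travels separately from the
    # SQL text, so no character in it can change the statement's meaning.
    conn.execute("INSERT INTO users (name) VALUES (?)", (name,))


def stored_names(conn: sqlite3.Connection) -> list:
    return [row[0] for row in conn.execute("SELECT name FROM users ORDER BY rowid")]


def demo() -> tuple:
    """Returns (concat_ok, backslash_ok, names) for the constructed sample."""
    conn = make_db()
    sample = "O'Brien \"Bob\""  # constructed input: a single and a double quote
    outcomes = []
    for insert in (insert_concatenated, insert_backslash_escaped):
        try:
            insert(conn, sample)
            outcomes.append(True)
        except sqlite3.OperationalError:  # syntax error: the ' broke the statement
            outcomes.append(False)
    insert_escaped(conn, sample)        # doubled quote: stored intact
    insert_parameterized(conn, sample)  # placeholder: stored intact, no escaping
    return outcomes[0], outcomes[1], stored_names(conn)
```

Running `demo()` shows the two escaped-by-hand variants failing with a syntax error while the doubled-quote and parameterized inserts both store the value unchanged, double quote included.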
 
Ken Shamrock
Ranch Hand
Posts: 139
Oh I understand, thanks guys.
 