Is there any class available to escape query strings? [unsolved]

 
Raghavan Chockalingam
Ranch Hand
Posts: 77
I need some function in Java like mysql_real_escape_string() or addslashes() in PHP. Are there any classes available that expose methods like those...
An example where I need this is..
I get name from user: Name: o'reilly
example query which would cause problem:

I want this coded as
 
Stuart Ash
Ranch Hand
Posts: 637
This should help?
 
Ernest Friedman-Hill
author and iconoclast
Sheriff
Posts: 24217
The idiomatic solution is to use java.sql.PreparedStatement. You use wildcards for literal data, then plug your values in; they're escaped automatically by the driver.
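
The PreparedStatement approach from the reply above, as an added example that is not part of the original thread. It assumes an H2 in-memory database driver on the classpath; the JDBC URL, the `customers` table and the class name are hypothetical.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class PreparedStatementDemo {
    public static void main(String[] args) throws SQLException {
        // Assumption: H2 driver on the classpath; swap in your own JDBC URL.
        String url = "jdbc:h2:mem:demo";
        // Constructed sample inputs: the name from the question, plus one
        // with other characters that string-built SQL tends to mishandle.
        String[] names = { "o'reilly", "back\\slash \"quoted\" name" };

        try (Connection con = DriverManager.getConnection(url)) {
            try (Statement st = con.createStatement()) {
                st.execute("CREATE TABLE customers ("
                         + "id INT AUTO_INCREMENT PRIMARY KEY, name VARCHAR(100))");
            }

            // Broken approach, printed only: the quote inside the value ends
            // the SQL string literal early and the statement no longer parses.
            System.out.println("Concatenated: INSERT INTO customers (name) VALUES ('"
                             + names[0] + "')");

            // One '?' per value; the SQL text itself never contains user data.
            String insert = "INSERT INTO customers (name) VALUES (?)";
            try (PreparedStatement ps = con.prepareStatement(insert)) {
                for (String name : names) {
                    ps.setString(1, name);   // parameter indexes start at 1
                    ps.executeUpdate();
                }
            }

            // Parameters are bound the same way in a WHERE clause.
            String select = "SELECT id, name FROM customers WHERE name = ?";
            try (PreparedStatement ps = con.prepareStatement(select)) {
                for (String name : names) {
                    ps.setString(1, name);
                    try (ResultSet rs = ps.executeQuery()) {
                        while (rs.next()) {
                            System.out.println(rs.getInt("id") + " -> " + rs.getString("name"));
                        }
                    }
                }
            }
        }
    }
}
```

Only values can be bound with `?`; table and column names cannot, so those must come from a fixed list in the code rather than from user input.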
 
Raghavan Chockalingam
Ranch Hand
Posts: 77
It's good to know that PreparedStatements automatically escape strings...
The commons package has functions I need, but I have never used the commons.lang package.

Is this package already available with the default JDK installation?
Do I have to install any other package to make these classes available?
Do I have to set the classpath as well?
How do I refer to these classes in my programs... say Commons.lang.StringEscapeUtils.escapeJava(String)?
 
Ulf Dittmer
Rancher
Posts: 42972
Did you check the javadocs of your Java installation to see if it is available?
 