• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Inserting Apostrophes Into MySQL

 
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am relatively new to JSP and am trying to make a form to insert some articles my friends and I are writing. The problem is when I try to insert an apostrophe into my form it causes an error in my JSP. I have read some things on escape characters and such but I am a little confused. I have also tried using tinyMCE so I can keep the punctation for my articles but that seems to present problems because it is inserting special characters to form the HTML. I tried using an escapeXML string for my input but when I display the page all the characters are escaped. What should I do? Is there a setting in MySQL or is there some kind of easy little trick I am overlooking? Please advise...

Thank you so much for your consideration and help!!!

Matt
matthewallannewman@yahoo.com
 
Ranch Hand
Posts: 120
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
First of all JSP is not a place you should be accessing your database from, please use JSP for View of MVC only.

You can solve the problem by using java.sql.PreparedStatements instead of java.sql.Statement to insert the data into database.
 
Ma New
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Why do you say I should only use JSP for the MVC? With all due respect, I don't understand why they would make all kinds of tools to access a database from JSP using services such as the SQL portion of JSTL if you were to only supposed to use JSP for the MVC. Additionally, how would I use the prepared statement to fix the problem of things like apostrophes. Like I said I am new to Java Servlets and JSP so I am just trying to figure out how all this stuff works. My reference material is all in book for with people who all have differing opinions of how you should use this kind of technology. Thank you for your prompt response.

Kindest regards,

Matt
 
Bartender
Posts: 2661
19
Netbeans IDE C++ Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
(skipping the MVC part, and reverting to the original question)

Additionally, how would I use the prepared statement to fix the problem of things like apostrophes.

Moojid has pointed you to the right approach.

if you create an SQL statement with PreparedStatement, you bind your values to the query, in stead of inserting them.
Magically, all your apostrophe problems are gone. No escapes hassle or anything.
It's not difficult. Give it a try.



 
Ma New
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
According to my JavaDocs for JSTL all SQL executions are done in a PreparedStatement. Here is the following information from the Javadoc:


public interface SQLExecutionTag
This interface allows tag handlers implementing it to receive values for parameter markers in their SQL statements.

This interface is implemented by both <sql:query> and <sql:update>. Its addSQLParameter() method is called by nested parameter actions (such as <sql:param>) to substitute PreparedStatement parameter values for "?" parameter markers in the SQL statement of the enclosing SQLExecutionTag action.

The given parameter values are converted to their corresponding SQL type (following the rules in the JDBC specification) before they are sent to the database.

Keeping track of the index of the parameter values being added is the responsibility of the tag handler implementing this interface

The SQLExcecutionTag interface is exposed in order to support custom parameter actions which may retrieve their parameters from any source and process them before substituting them for a parameter marker in the SQL statement of the enclosing SQLExecutionTag action

Author:
Justyna Horwat



How is it that the JSTL method would have issues inserting?
 
Marshal
Posts: 28177
95
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What makes you think that the JSTL has "issues" with inserting?

(Remember, you're the only one in this conversation who has seen the error messages.)
reply
    Bookmark Topic Watch Topic
  • New Topic