Search...
FAQs Subscribe
Pie
FAQs
Recent topics Flagged topics Hot topics Best topics
Search...
Search within JDBC and Relational Databases Search Coderanch
Advance search Google search
Register / Login
book review grid advertise on coderanch granny polymorphism thread boost
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
building better world book advertise on coderanch thread boost book review grid meaningless drivel
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Update statement in SQL in which name already contains an apostrophe

 
Sherin Mathew
Ranch Hand
Posts: 95
posted 4 years ago
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
    Send
  • Quote
  • Report post to moderator
How to Update a record in SQL wherein name as: Name=a'bcd and UserId = 11

.NET Developer at iFour Technolab Pvt LTd

 
Tim Moores
Saloon Keeper
Posts: 7590
177
posted 4 years ago
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
    Send
  • Quote
  • Report post to moderator
Single quotes can be escaped by replacing them with two single quotes:

'Name=a''bcd and UserId = 11'

Or you can use a PreparedStatement which takes care of this for you.
 
Sherin Mathew
Ranch Hand
Posts: 95
posted 4 years ago
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
    Send
  • Quote
  • Report post to moderator
Thank you.
Will try this way!

.NET Developer at iFour Technolab Pvt LTd

 
Tim Holloway
Saloon Keeper
Posts: 27807
196
I like...
Android Eclipse IDE Tomcat Server Redhat Java Linux
posted 4 years ago
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
    Send
  • Quote
  • Report post to moderator

Tim Moores wrote:Single quotes can be escaped by replacing them with two single quotes:



However, this is how you do an SQL Injection Attack if the SQL is built from substrings.

Tim Moores wrote:Or you can use a PreparedStatement which takes care of this for you.



Which avoids that particular security loophole.

The secret of how to be miserable is to constantly expect things are going to happen the way that they are "supposed" to happen.

You can have faith, which carries the understanding that you may be disappointed. Then there's being a willfully-blind idiot, which virtually guarantees it.

 
wood burning stoves
reply
reply
    Bookmark Topic Watch Topic
  • New Topic
Boost this thread!
Similar Threads
More...