struts-user mailing list archives

From David Graham <grahamdavid1...@yahoo.com>
Subject [OT] Re: far reaching db question
Date Fri, 24 Oct 2003 15:47:09 GMT
> I create DB-Inserts from my struts application.
> But if a user types in the sign ' any dynamically created inserts fail.
> This is because of the SQL syntax which divides the string which will be
> saved with '.
> 
> For example: insert into table test (name, number) values ('mr burns',
> '01723256477');
> 
> How can I handle inserts in HTML forms which have the typed sign ' ?
> 

Always use PreparedStatements.  They handle the ' for you and prevent
other SQL injection attacks.

David

> Greetings,
> Manuel
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: struts-user-help@jakarta.apache.org
> 

