tomcat-users mailing list archives

From Duck-Jin Chun <>
Subject RE: before I go insane
Date Wed, 13 Sep 2000 22:37:36 GMT
Sounds like you can get the request parameter fine... but you're having
problems with constructing the SQL statement.  Assuming that you're
using JDBC for your DB access... you can try using a
java.sql.PreparedStatement and setting the parameter using setString().
The JDBC classes will take care of escaping any characters that need to
be escaped.
[blah, blah, blah]
// the ? placeholder is filled in by setString() below
PreparedStatement ps = con.prepareStatement("select * from books where book_name = ?");
ps.setString(1, "john's books");
ResultSet rs = ps.executeQuery();
[yadda, yadda, yadda]
Good luck,

-----Original Message-----
From: Luis Andrei Cobo []
Sent: Wednesday, September 13, 2000 5:09 PM
Subject: before I go insane

Can someone please tell me how to escape a single quote in a request?
For example, a text field parameter was "john's books" and I need to put
that in a SQL statement as "john''s books" (two single quotes).
How do I do this?
replace('\u2032','\u2032\u2032'); doesn't seem to work
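
The difference between gluing the value into the SQL text and binding it with setString(), as an added example that is not part of either message. It assumes an H2 in-memory database on the classpath (the `jdbc:h2:mem:books` URL, the `books` table layout and the class name are illustrative), and the input string is constructed to stand in for the request parameter.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class QuoteBinding {
    public static void main(String[] args) throws SQLException {
        // Constructed input standing in for request.getParameter("book_name").
        String bookName = "john's books";

        // Assumption: H2 in-memory database; any JDBC driver behaves the same way here.
        try (Connection con = DriverManager.getConnection("jdbc:h2:mem:books")) {
            try (Statement ddl = con.createStatement()) {
                ddl.execute("create table books (book_name varchar(100))");
            }

            // Bound parameter on insert: the apostrophe is stored as data.
            try (PreparedStatement ins =
                     con.prepareStatement("insert into books (book_name) values (?)")) {
                ins.setString(1, bookName);
                ins.executeUpdate();
            }

            // Concatenation: the apostrophe ends the SQL string literal early,
            // so the rest of the value is parsed as SQL and the statement fails.
            String glued = "select * from books where book_name = '" + bookName + "'";
            try (Statement st = con.createStatement();
                 ResultSet rs = st.executeQuery(glued)) {
                System.out.println("concatenated: unexpectedly parsed");
            } catch (SQLException e) {
                System.out.println("concatenated: rejected by the parser");
            }

            // Bound parameter on select: no doubling of quotes is needed.
            try (PreparedStatement ps =
                     con.prepareStatement("select * from books where book_name = ?")) {
                ps.setString(1, bookName);
                try (ResultSet rs = ps.executeQuery()) {
                    while (rs.next()) {
                        System.out.println("bound: " + rs.getString("book_name"));
                    }
                }
            }
        }
    }
}
```

Because the bound value never becomes part of the SQL text, the same code handles any character in the request parameter without a hand-written replace() step.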
