I'm doing a simple insert into an Oracle table, but it blows up if any of the fields contain a single quote. Does
JSP have an equivalent to ASP's Replace function?
Here's a simplified version of the code (there are actually many more fields):
<%
String employee = null;
try {
%>
<req:existsParameter name="employee">
<%employee = request.getParameter("employee");
%>
</req:existsParameter>
<sql:connection id="conn1">
<sql:url>
jdbc:oracle:thin:air/air@172.20.96.10:1521:sunfire</sql:url>
<sql:driver>oracle.jdbc.driver.OracleDriver</sql:driver>
</sql:connection>
<sql:preparedStatement id="stmt1" conn="conn1">
<%
String sql = "insert into AIR_ACCIDENTS (EMPLOYEE_NAME) values ('" + employee + "')";
%>
<sql:query>
<%=sql%>
</sql:query>
<sql:execute>
</sql:execute>
</sql:preparedStatement>
How can I handle an entry from John O'Malley?
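
An added example, not part of the original post: the same insert done in plain JDBC with a bind placeholder instead of string concatenation, so the quote in John O'Malley travels as data and needs no Replace-style escaping. The class name, method name and command-line connection arguments are assumptions made for the illustration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.sql.Types;

public class AccidentInsert {

    // The statement text is constant. The employee name is never spliced into
    // it, so a single quote in the value cannot terminate a string literal or
    // change the shape of the statement.
    static final String INSERT_SQL =
        "insert into AIR_ACCIDENTS (EMPLOYEE_NAME) values (?)";

    // Inserts one row and returns the affected row count.
    static int insertEmployee(Connection conn, String employee) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(INSERT_SQL)) {
            if (employee == null) {
                // A missing request parameter becomes SQL NULL, not the text "null"
                // that string concatenation would have stored.
                ps.setNull(1, Types.VARCHAR);
            } else {
                ps.setString(1, employee);
            }
            return ps.executeUpdate();
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: args are <jdbc-url> <user> <password> for a schema that
        // already contains AIR_ACCIDENTS. The names below are constructed samples.
        String[] samples = { "John O'Malley", "Anne \"AJ\" D'Souza" };
        try (Connection conn = DriverManager.getConnection(args[0], args[1], args[2])) {
            for (String employee : samples) {
                int rows = insertEmployee(conn, employee);
                System.out.println(rows + " row inserted for: " + employee);
            }
        }
    }
}
```

With many fields, each one gets its own ? in the statement text and a matching setString call numbered from 1.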