Escaping Characters in SQL Queries

 
Greenhorn
Posts: 26
I'm trying to figure out how I can escape special characters in string constants in my SQL query.
Is there any utility function I can use to do this? In the lack of this, does anyone have any idea of the list of chars that need to be escaped (I know ' and % for instance) and their escape sequences, so that I can write one myself?
I am connecting to an ACCESS DB using Sun's JDBCODBC Bridge.
(BTW, Right now I am somewhat regretting this decision and wishing I had gone w/ ADO instead, because of this and other char encoding issues... Just a little 2 cents)
Best, Tap
 
Ranch Hand
Posts: 1879
MySQL Database Suse
The best idea that I have seen come from this discussion in previous postings is to use the PreparedStatement. This way, you do not have to worry about special characters. Special characters are dependent on which database vendor you use, which does not make your code portable. Have you tried the PreparedStatement instead of the Statement?
Jamie
 
Tapan Parikh
Greenhorn
Posts: 26
I don't think Java's JDBCODBC Bridge supports auto-escaping of chars in conn.prepareStatement. It just fires an exception when the query contains invalid chars...
 
Jamie Robertson
Ranch Hand
Posts: 1879
MySQL Database Suse
Here is a static method that I used before the PreparedStatement. The escape character in Oracle for ' was adding another single quote (''). You should replace the escape values with those from your database documentation.

I included the main method in it so you can see it run.
Hope this helps,
Jamie
 