aspose file tools*
The moose likes JDBC and the fly likes how to handle single qotes (' ') in query Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Databases » JDBC
Bookmark "how to handle single qotes ( Watch "how to handle single qotes ( New topic
Author

how to handle single qotes (' ') in query

deepak62002
Greenhorn

Joined: Aug 17, 2001
Posts: 9
hi,
i have a problem when i am passing value from html page,
suppose value i am passing is for example- medical'respriation'
in sql how i will handle single qoutes,
can any one ple help me.
thanx in advance
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

either use a single quote twice, or use a PreparedStatement. I prefer the PreparedStatement solution since you don't have to do anything special to handle them, it just happens like magic.
Dave.
deepak62002
Greenhorn

Joined: Aug 17, 2001
Posts: 9
hi david,
thanx but i am getting value dynamically,means in html list box there r many item ,for some single quotes are there and for some there is no single qoutes,value without single qoutes is working fine,but problem i am getting in single qoutes,
i will be thankful if u explain by giving example,by writing query
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

Something like this:

The question mark in the statement gets swapped with whatever gets passed in via the request parameter and it doesn't matter whether the string passed in has a single quote or not.
Is this what you were looking for?
Dave.
deepak62002
Greenhorn

Joined: Aug 17, 2001
Posts: 9
hi david,
thanx a lot,yaa i was looking for that.
one more thing i want to ask,will this be same for oracle
in case of oracle what we have to do.
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

PreparedStatement is an interface that is implemented by whichever JDBC Driver you are using. It then becomes the responsibility of that particulat JDBC package to handle how special characters etc get treated.
The short answer to this is that yes, as long as the drivers you use fully implement the JDBC standard, this code should work regardless of the actual database you use it for.

Dave
(oh, and someone will probably mention that your name doesn't conform with the Javaranch naming standards)
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: how to handle single qotes (' ') in query