
How to handle single quotes (' ') in query

 
deepak62002
Greenhorn
Posts: 9
Hi,
I have a problem when I am passing a value from an HTML page.
Suppose the value I am passing is, for example, medical'respriation'.
In SQL, how will I handle single quotes?
Can anyone please help me?
Thanks in advance.
 
David O'Meara
Rancher
Posts: 13459
Either use a single quote twice, or use a PreparedStatement. I prefer the PreparedStatement solution since you don't have to do anything special to handle them, it just happens like magic.
Dave.
 
deepak62002
Greenhorn
Posts: 9
Hi David,
Thanks, but I am getting the value dynamically, meaning in the HTML list box there are many items; for some there are single quotes and for some there are no single quotes. Values without single quotes work fine, but I am getting the problem with single quotes.
I will be thankful if you explain by giving an example, by writing the query.
 
David O'Meara
Rancher
Posts: 13459
Something like this:

The question mark in the statement gets swapped with whatever gets passed in via the request parameter and it doesn't matter whether the string passed in has a single quote or not.
Is this what you were looking for?
Dave.
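
An added example, not part of the original posts and not the code from the reply above: the value from the question bound through a `PreparedStatement`, next to the concatenated form that breaks on the quote. The `items` table, its columns, the `QuoteDemo` class and the H2 in-memory JDBC URL (with the H2 driver on the classpath) are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class QuoteDemo {
    public static void main(String[] args) throws SQLException {
        // Constructed input, as it would arrive from a request parameter
        String category = "medical'respriation'";
        // Assumption: H2 in-memory database, driver available on the classpath
        try (Connection con = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement st = con.createStatement()) {
                st.execute("CREATE TABLE items (id INT PRIMARY KEY, category VARCHAR(100))");
            }
            // Bound parameters: the driver passes the value as data, quotes included
            try (PreparedStatement ins = con.prepareStatement(
                    "INSERT INTO items (id, category) VALUES (?, ?)")) {
                ins.setInt(1, 1);
                ins.setString(2, category);
                ins.executeUpdate();
            }
            // Concatenation: the quote inside the value ends the SQL literal early
            String concatenated = "SELECT id FROM items WHERE category = '" + category + "'";
            try (Statement st = con.createStatement();
                 ResultSet rs = st.executeQuery(concatenated)) {
                System.out.println("concatenated query ran without error");
            } catch (SQLException e) {
                System.out.println("concatenated query failed: " + e.getMessage());
            }
            // Same lookup with a placeholder: no escaping or quote doubling needed
            try (PreparedStatement sel = con.prepareStatement(
                    "SELECT id, category FROM items WHERE category = ?")) {
                sel.setString(1, category);
                try (ResultSet rs = sel.executeQuery()) {
                    while (rs.next()) {
                        System.out.println(rs.getInt(1) + " -> " + rs.getString(2));
                    }
                }
            }
        }
    }
}
```

Because the bound value never becomes part of the SQL text, the same mechanism also keeps request input from altering the statement itself.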
 
deepak62002
Greenhorn
Posts: 9
Hi David,
Thanks a lot, yes, I was looking for that.
One more thing I want to ask: will this be the same for Oracle?
In the case of Oracle, what do we have to do?
 
David O'Meara
Rancher
Posts: 13459
PreparedStatement is an interface that is implemented by whichever JDBC Driver you are using. It then becomes the responsibility of that particular JDBC package to handle how special characters etc. get treated.
The short answer to this is that yes, as long as the drivers you use fully implement the JDBC standard, this code should work regardless of the actual database you use it for.

Dave
(oh, and someone will probably mention that your name doesn't conform with the Javaranch naming standards)
 