Hello, I am writing a Java program which needs to insert names, which may contain commas, single quotes (') and so on. Currently I have a line which states as follows: "INSERT INTO TBNAMES VALUS ('clientNumber', 'name');" It is throwing an error when the name contains a single quote (ORA-00917 : missing comma) Then I changed the code as follows: "INSERT INTO TBNAMES VALUS (:clientNumber, :name);" Now it complains that not all variables defined (ORA-01008 : Not all variables defined). Can any one shead some light on this? Thanks Suresh
are you using a PreparedStatement? Other wise, if you encounter a customer with the name O'Neil, your statement will be incorrect. You can correct the statement by escaping all special characters in a method you call for every value, or just use PreparedStatement and it will take care of it for you. If you post the actual offending code (your queries that you posted don't make much sense) , it would be easier to tell you exactly what is wrong. about your query: you posted "INSERT INTO TBNAMES VALUS ('clientNumber', 'name');". If this is what you have in your program you should change it to: "INSERT INTO TBNAMES VALUES('" + clientNumber + "', '" + name + "')" if clientNumber and name are variables. Also, leave out the semi-colon at the end.