This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
This is my code:: String insertthis="This is a s'amp'le test"; String sql="insert into tableA values(insertthis)"; ResultSet rs=stmt.execSQL(sql); The upperquotes in the text which im trying to insert is creating problem.Can any one throw me some code to effectively use escape characters i.e replacing the upperquotes with the the appropriate escape characters
Thanx for all your replies You have wrongly interpreted my question String insertthis="This is a s'amp'le test"; String sql="insert into tableA values('"+insertthis+"')"; The query is fine.The actual problem is like this, Since there theres some singlequotes(') in the text which im trying to insert im getting sql exception.Now I want any one of you guys to tell me,how to escape the singlequotes(')
Listen to the Bear. People often think that the only use for a PreparedStatement is when you're using the same query many times. However this is a good example of another case when you should consider using a PreparedStatement. If you move between databases, you'll quickly find that some use single quotes for delimiters, some use double quotes, and other support either. Handling nested single and/or double quotes is tricky. The other "hard" data type is the date or timestamp. Every database has a different format for how you specify the value. If you use a PreparedStatement, you don't have to worry about what delimiters are used with character data, what escape character should be used with quotes [or other special characters], or what format your date or time needs to be in. The drivers handle that auto-magically. And your code becomes much more portable between different databases.
Joined: Mar 09, 2004
Thanx for Bear ,William and every one, This is the code I tried, String psql="insert into labgeneral (labgeneral_labid,labgeneral_slogan,labgeneral_logo,labgeneral_image,labgeneral_imagetext,labgeneral_para1,labgeneral_para2)"+ "values(?,?,?,?,?,?,?)"; out.println(psql); PreparedStatement pstmt=con.prepareStatement(psql); int labidi=Integer.parseInt(labid); pstmt.setInt(1,labidi); pstmt.setString(2,T1); pstmt.setString(3,logoname); pstmt.setString(4,imagename); pstmt.setString(5,T2); pstmt.setString(6,S1); pstmt.setString(7,S2); pstmt.executeUpdate(); I am able to insert the string with quotes sucessfully,but while retriving im not getting that upper quotes,insted I get some symbol  like this in the place of quotes.How to overcome this?