This week's book giveaway is in the OO, Patterns, UML and Refactoring forum.
We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line!
See this thread for details.
The moose likes JDBC and Relational Databases and the fly likes Problems of Quotations in SQL Syntax Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

JavaRanch » Java Forums » Databases » JDBC and Relational Databases
Bookmark "Problems of Quotations in SQL Syntax" Watch "Problems of Quotations in SQL Syntax" New topic

Problems of Quotations in SQL Syntax

Adnan Memon
Ranch Hand

Joined: Mar 09, 2003
Posts: 32
Its been a problem where we are to post data input by user to databases..user can put any number of quotation marks single or proactive approach is to parse the input text before constructing SQL query...i want to know is there any well known solution to it?
Paul Sturrock

Joined: Apr 14, 2004
Posts: 10336

Yes. Used a PreparedStatement. This explicitly binds Strings to statement values, so you can chuck it any number of characters which will cause problems in an ordinary statement and it will correctly escape them.

JavaRanch FAQ HowToAskQuestionsOnJavaRanch
I’ve looked at a lot of different solutions, and in my humble opinion Aspose is the way to go. Here’s the link:
subject: Problems of Quotations in SQL Syntax
It's not a secret anymore!