This week's book giveaway is in the Agile and other Processes forum.
We're giving away four copies of The Mikado Method and have Ola Ellnestam and Daniel Brolund on-line!
See this thread for details.
The moose likes JDBC and the fly likes Problems of Quotations in SQL Syntax Big Moose Saloon
  Search | Java FAQ | Recent Topics
Register / Login


Win a copy of The Mikado Method this week in the Agile and other Processes forum!
JavaRanch » Java Forums » Databases » JDBC
Reply Bookmark "Problems of Quotations in SQL Syntax" Watch "Problems of Quotations in SQL Syntax" New topic
Author

Problems of Quotations in SQL Syntax

Adnan Memon
Ranch Hand

Joined: Mar 09, 2003
Posts: 32
posted private message
0
Quote
Its been a problem where we are to post data input by user to databases..user can put any number of quotation marks single or double...one proactive approach is to parse the input text before constructing SQL query...i want to know is there any well known solution to it?
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

I like...
Eclipse IDE Hibernate Java
posted private message
0
Quote
Yes. Used a PreparedStatement. This explicitly binds Strings to statement values, so you can chuck it any number of characters which will cause problems in an ordinary statement and it will correctly escape them.

JavaRanch FAQ HowToAskQuestionsOnJavaRanch
 
I agree. Here's the link: http://zeroturnaround.com/jrebel - it saves me about five hours per week
 
subject: Problems of Quotations in SQL Syntax
 
Similar Threads
avoid sql injection
Toplink
Prototype and Scriptaculous
SQL Injection and Cross Side Scripting
Edit HTTP response