I'm using mysql-connector to talk to a MySQL database. A lot of the data I'm messing with is in the form of strings. Is there a handy function for handling special characters in strings? At the moment I'm having trouble with strings that contain an apostrophe. I think you need to escape them with a backslash; just wondering if there's some function to do it for me.
You should be using PreparedStatement instead of Statement; PreparedStatement lets you isolate the database code (the SQL) from the database data (your String objects).
Besides dealing with the quote issue, this also is more secure (Google for "SQL injection") and helps to avoid datatype conversion issues, especially implicit type conversions performed by the database, which can often be difficult to supply correct error handling for. On many databases, PreparedStatement will also perform better when the same SQL statements are executed again, but I don't think MySQL is one of those databases (yet; it's a pretty common DB optimisation technique, and they'll probably get to it sometime).
PreparedStatement also lets you avoid all that string construction mess; that mess can hide subtle errors and just consumes a lot of programming time in the long run, especially when doing maintenance programming. All those constructed Strings have to get garbage collected too, which is a subtle drag on your application's performance, though usually not a critical issue except in large volume applications.
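The advice in the answer above, shown as an added example that is not code from the thread: the concatenated form breaks on an apostrophe, while the parameterized form binds strings and dates as data. The `customers` table, the JDBC URL and the credentials are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.Date;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.time.LocalDate;

public class ApostropheDemo {
    // Assumed connection details and schema (not from the thread):
    //   CREATE TABLE customers (name VARCHAR(100), signup DATE);
    private static final String URL = "jdbc:mysql://localhost:3306/testdb";

    // Fragile form: data is spliced into the SQL text, so the apostrophe in
    // "O'Brien" closes the string literal early and the statement is malformed.
    static String concatenated(String name) {
        return "INSERT INTO customers (name) VALUES ('" + name + "')";
    }

    // Parameterized form: the SQL text is fixed and values are bound separately.
    static void insert(Connection con, String name, LocalDate signup) throws SQLException {
        String sql = "INSERT INTO customers (name, signup) VALUES (?, ?)";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, name);               // no manual backslash escaping
            ps.setDate(2, Date.valueOf(signup)); // no hand-built date string
            ps.executeUpdate();
        }
    }

    static int countByName(Connection con, String name) throws SQLException {
        String sql = "SELECT COUNT(*) FROM customers WHERE name = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Shows the SQL text with the unbalanced quote; it is never executed.
        System.out.println(concatenated("O'Brien"));
        try (Connection con = DriverManager.getConnection(URL, "user", "password")) {
            insert(con, "O'Brien", LocalDate.of(2004, 1, 15));
            insert(con, "Rock 'n' Roll \\ Co.", LocalDate.now()); // quotes and a backslash
            System.out.println(countByName(con, "O'Brien"));
        }
    }
}
```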
Yes, at least with a driver that truly conforms to the JDBC standard. MySQL's driver certainly does in this respect.
Wanted to thank you for the advice. I already had quite a bit of code written to do what I'm messing with, and it was a lot of trouble to change it, but it's worth it. The way PreparedStatements handle strings and dates makes life WAY easier.