Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

handling strings

 
Dave Robbins
Ranch Hand
Posts: 131
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello All

I'm using mysql-connector to talk to a mysql database
a lot of the data I'm messing with is in the form of strings
is there a handy function for handling special characters in strings?
at the moment I'm having trouble with stings that contain an apostrophe
I think you need to escape them with a backslash, just wondering if there's some function to do it for me

Thanks
Dave
 
stu derby
Ranch Hand
Posts: 333
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You should be using PreparedStatement instead of Statement; PreparedStatement lets you isolate the database code (the SQL) from the database data (your String objects).

Besides dealing with the quote issue, this also is more secure (Google for "SQL injection") and helps to avoid datatype conversion issues, especially implicit type conversions performed by the database, which can often be difficult to supply correct error handling for. On many databases, PreparedStatement will also perform better when the same SQL statements are executed again, but I don't think MySQL is one of those databases (yet, it's a pretty common DB optimisation technique, and they'll probably get to sometime).

PreparedStatement also lets you avoid all that string construction mess; that mess can hide subtle errors and just consumes a lot of programming time in the long run, especially when doing maintenance programming. All those constructed Strings have to get garbage collected too, which is a subtle drag on your applications performance, though usually not a critical issue except in large volume applications.

Here's a brief tutorial:
http://java.sun.com/docs/books/tutorial/jdbc/basics/prepared.html
 
Dave Robbins
Ranch Hand
Posts: 131
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
so let's say I want to put the string "xxx'xxx" into table "foo"
if I do something like this

PreparedStatement ps = con.prepareStatement("UPDATE FOO SET MYFIELD = ?");
ps.setInt(1, "xxx'xxx");

the apostrophe will be handled properly?

Thanks
Dave
 
Dave Robbins
Ranch Hand
Posts: 131
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
sorry
that would be setString
 
stu derby
Ranch Hand
Posts: 333
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes, at least with a driver that truly conforms to the JDBC standard. MySQL's driver certainly does in this respect.
 
Dave Robbins
Ranch Hand
Posts: 131
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Stu,

wanted to thank you for the advice
I already had quite a bit of code written to do what I'm messing with and it was a lot of trouble to change it, but it's worth it
the way preparedStatements handle strings and dates makes life WAY easier

Thanx
Dave
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic