How you guys treat the " or ' fields inputs?

Ken Shamrock
Ranch Hand

Joined: Jan 23, 2002
Posts: 139
For a form field, if users input " or ', we will have trouble when storing them into the database. What is the standard way to solve these cases?
For me, the only solution I can think of is to read every field's input, and if it has a ' or " character, it will be replaced by \' or \", isn't it? I wonder if we have a better way of dealing with that.


Thanks everyone who helped me
Ruchi Kolla
Greenhorn

Joined: Jan 24, 2002
Posts: 19
" doesn't have any problem if you store it in the database. The only problem is with the single quote '. If you are preparing a SQL query with the form submission values, you need to escape the single quote by adding another single quote.
If you have the option of PreparedStatement, you need not worry about escaping these quotes. PreparedStatement will automatically take care of special characters.
For escaping the single quotes, the best way is to write a small function and append another single quote.
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

Even easier if you use a PreparedStatement to insert the data rather than a Statement - you don't have to do anything at all.
The PreparedStatement will manage escaping special characters for you.
Dave
Ken Shamrock
Ranch Hand

Joined: Jan 23, 2002
Posts: 139
Oh I understand, thanks guys.
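
The PreparedStatement approach recommended in the replies above, shown next to the string-concatenated Statement it replaces. This is an added example, not code from the thread; the table `feedback`, the class name, the sample input and the in-memory H2 JDBC URL (which needs the H2 driver on the classpath) are assumptions.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class QuoteSafeInsert {
    // Assumption: in-memory H2 database; any JDBC URL and driver would do.
    private static final String JDBC_URL = "jdbc:h2:mem:quotes";

    public static void main(String[] args) throws SQLException {
        // Constructed form input containing both quote characters.
        String input = "O'Brien said \"hello\"";

        try (Connection con = DriverManager.getConnection(JDBC_URL)) {
            try (Statement ddl = con.createStatement()) {
                ddl.execute("CREATE TABLE feedback (id INT PRIMARY KEY, body VARCHAR(200))");
            }

            // Before: the input is pasted into the SQL text, so the apostrophe
            // ends the string literal early and the statement no longer parses.
            try (Statement st = con.createStatement()) {
                st.executeUpdate("INSERT INTO feedback (id, body) VALUES (1, '" + input + "')");
            } catch (SQLException e) {
                System.out.println("Concatenated SQL rejected: " + e.getMessage());
            }

            // After: the SQL text is fixed and the input is bound as a parameter.
            // The caller does no escaping and no quote doubling.
            String sql = "INSERT INTO feedback (id, body) VALUES (?, ?)";
            try (PreparedStatement ps = con.prepareStatement(sql)) {
                ps.setInt(1, 2);
                ps.setString(2, input);
                ps.executeUpdate();
            }

            // Read the row back, again with a bound parameter, and compare.
            try (PreparedStatement ps = con.prepareStatement("SELECT body FROM feedback WHERE id = ?")) {
                ps.setInt(1, 2);
                try (ResultSet rs = ps.executeQuery()) {
                    rs.next();
                    System.out.println("Round trip intact: " + input.equals(rs.getString(1)));
                }
            }
        }
    }
}
```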
 
 