Is there is any class available to escape query strings?[unsolved]
Raghavan Chockalingam
Ranch Hand
Joined: Dec 20, 2005
Posts: 77
posted
0
I need some function in Java like mysql_real_escape_string() or addslashes() in PHP. Are there any classes available that expose methods like those... An example where I need this is.. I get name from user: Name: o'reilly example query which would cause problem:
The idiomatic solution is to use java.sql.PreparedStatement. You use wildcards for literal data, then plug your values in; they're escaped automatically by the driver.
It's good to know that PreparedStatements automatically escape strings... The common package has functions I need but I never have used commons.lang package.
is this package already available with default JDK installation? do I have to install any other package to make these classes available? do I have to set classpath as well? how do I refer these classes in my programs...say Commmons.lang.StringEscapeUtils.escapeJava(String)
Ulf Dittmer
Marshal
Joined: Mar 22, 2005
Posts: 35258
7
posted
0
Did you check the javadocs of your Java installation to see if it is available?
![The moose likes Java in General and the fly likes Is there is any class available to escape query strings?[unsolved]](http://cache-www.coderanch.com/mooseImages/moosefly.gif)
![Bookmark "Is there is any class available to escape query strings?[unsolved]"](http://cache-www.coderanch.com/templates/default/images/bookmark_it.gif "You must login or register"){kind=small}
![Watch "Is there is any class available to escape query strings?[unsolved]"](http://cache-www.coderanch.com/templates/default/images/watch_topic_start.gif "You must login or register"){kind=small}
0
