| Author |
Issue with a String Array.
|
Scott Updike
Ranch Hand
Joined: Feb 16, 2006
Posts: 92
|
|
All,
I have a routine that needs to create a string by concatenating a hard coded string with one element of a passed-in string array. Basically, I have the following code snippet:
This new_string value never gets created correctly - comes up as null. However, if I take out the two single quotes from the hard coded strings, then it gets created correctly. can someone point me to a resource that explains this? I'm not sure what I need to do. I need those single quotes to properly format a MySQL query.
Thanks in advance.
Scott
|
 |
Paul Clapham
Bartender
Joined: Oct 14, 2005
Posts: 16483
|
|
|
There isn't any resource that explains why that happens, mainly because it doesn't. I would ask you to post more code, but I'm going to focus on your comment about MySQL. Don't build queries for JDBC by concatenating a bunch of strings like that. For one thing it's hard to get all the quotes just right (as you already saw), but for another thing if your criteria[0] string contained a quote then your query would not be well-formed. And for another thing you open yourself to SQL injection attacks when you do that. You are far better off to use a PreparedStatement, then you would only need a single predefined query string in most cases.
|
|
Scott Updike
Ranch Hand
Joined: Feb 16, 2006
Posts: 92
|
|
Thanks. This was mainly used for testing query strings and thought preparedstatements might be too involved (they are used everywhere else in the base app). Ok, I'll continue using PreparedStatements...
Scott
|
|
 |
|
|
subject: Issue with a String Array.
|
|
|
0
