apostrophe problem in JSTL SQL SELECT query

 
Greenhorn
Posts: 8
I want to fetch data from the product table where Cat_Name=Kid's Clothing

but it is not fetching the data for Kid's Clothing because it contains a single quote. I have found a solution for that, i.e. the replace function to escape the single quote, but it is still not working.

Here is my JSTL code:





Kindly suggest the answer.

Thank you.

 
Bartender
Posts: 3648
You need to use \\ to escape special characters.

 
Bhagyashri Chaudhari
Greenhorn
Posts: 8
Yes, I used that, but that was also not working.

Fine, I have got the solution.

I just replaced this code




with

this one














 
Master Rancher
Posts: 4668
Putting aside that the query tag shouldn't really be used outside of prototyping, you should be using the <sql:param> tag to bind the cat variable, so using it as a PreparedStatement.
At the moment you have something that is prone to SQL injection.
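
Added example, not part of the thread and not the original poster's code (which did not survive on this page): the bound-parameter form suggested in the last reply, next to a constructed concatenated query for comparison. The request parameter name `cat` and the JNDI data source name `jdbc/shopDB` are assumptions; the `product` table and `Cat_Name` column come from the question.

```jsp
<%@ taglib prefix="c"   uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="sql" uri="http://java.sun.com/jsp/jstl/sql" %>

<%-- Assumption: the category arrives as request parameter "cat",
     for example Kid's Clothing. --%>
<c:set var="cat" value="${param.cat}" />

<%-- Concatenated form (constructed for comparison, left commented out):
     the apostrophe in Kid's Clothing closes the SQL string literal early,
     so the statement breaks, and whatever the request sends becomes part
     of the SQL text. Escaping with replace() only patches one character.
<sql:query var="products" dataSource="jdbc/shopDB">
    SELECT * FROM product WHERE Cat_Name = '${cat}'
</sql:query>
--%>

<%-- Bound form: the ? placeholder is filled by <sql:param>, which JSTL
     passes to a PreparedStatement. The value is sent as data, so the
     apostrophe needs no escaping and cannot alter the statement. --%>
<sql:query var="products" dataSource="jdbc/shopDB">
    SELECT * FROM product WHERE Cat_Name = ?
    <sql:param value="${cat}" />
</sql:query>

<c:choose>
  <c:when test="${products.rowCount == 0}">
    <%-- c:out HTML-escapes the echoed request value --%>
    <p>No products found for <c:out value="${cat}" />.</p>
  </c:when>
  <c:otherwise>
    <ul>
      <c:forEach var="row" items="${products.rows}">
        <li><c:out value="${row.Cat_Name}" /></li>
      </c:forEach>
    </ul>
  </c:otherwise>
</c:choose>
```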
 