apostrophe problem in JSTL SQL SELECT query

 
Greenhorn
Posts: 8
I want to fetch data from the product table where Cat_Name=Kid's Clothing

but it is not fetching the data of kid's clothing because it contains a single quote. I have found the solution for that, i.e. the replace function to escape the single quote, but it is still not working.

Here is my JSTL code:





Kindly suggest the answer.

Thank you.

 
Bartender
Posts: 3648
You need to use \\ to escape special characters.

 
Bhagyashri Chaudhari
Greenhorn
Posts: 8
Yes, I used that, but that was also not working.

Fine, I have got the solution.

I just replaced this code




with

this one














 
Rancher
Posts: 4450
Putting aside that the query tag shouldn't really be used outside of prototyping, you should be using the <sql:param> tag to bind the cat variable, so using it as a PreparedStatement.
At the moment you have something that is prone to SQL injection.
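
The binding recommended in the last reply, as an added example that is not code from this thread (the posters' own snippets did not survive on the page). The `product` table, `Cat_Name` column and `cat` variable come from the thread; the `jdbc/shop` data source and the `cat` request parameter are assumptions.

```jsp
<%@ taglib prefix="c"   uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="sql" uri="http://java.sun.com/jsp/jstl/sql" %>

<%-- Assumption: the category arrives as a request parameter named "cat". --%>
<c:set var="cat" value="${param.cat}" />

<%--
  Before (constructed, kept commented out): the value is pasted into the SQL
  text, so the apostrophe in Kid's Clothing ends the string literal early and
  the statement no longer parses. The same property lets any input rewrite
  the query, which is the SQL injection risk pointed out above.

  <sql:query var="products" dataSource="jdbc/shop">
    SELECT * FROM product WHERE Cat_Name = '${cat}'
  </sql:query>
--%>

<%--
  After: the query text is fixed and the value is bound to the ? placeholder.
  JSTL runs this as a PreparedStatement, so the driver passes the value as
  data and no replace() or backslash escaping is needed.
  Assumption: "jdbc/shop" is a JNDI data source configured for this webapp.
--%>
<sql:query var="products" dataSource="jdbc/shop">
  SELECT * FROM product WHERE Cat_Name = ?
  <sql:param value="${cat}" />
</sql:query>

<ul>
  <c:forEach var="row" items="${products.rows}">
    <%-- c:out escapes XML characters, so stored values are not rendered as markup. --%>
    <li><c:out value="${row.Cat_Name}" /></li>
  </c:forEach>
</ul>
```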
 