
Accept characters like '


RicardoPereira

Programmer
Jun 3, 2003
255
PT
I have a bean with a method that accepts the client parameter. The problem is when I search for a client with that character ' in the middle, like o'conner. How can I use these characters?

Code:
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;

public ArrayList getClients(String Client) throws SQLException {
    ArrayList res = new ArrayList();
    Connection con = getConnection();
    // The client name is spliced into the SQL text, so a ' inside it
    // closes the literal early and breaks the statement.
    PreparedStatement pstmt =
        con.prepareStatement("exec Clients '" + Client + "'");

    ResultSet rslt = pstmt.executeQuery();
    while (rslt.next()) {
        res.add(new TblClients(rslt.getString(1), rslt.getString(2), rslt.getString(3)));
    }
    rslt.close();
    pstmt.close();
    con.close();
    return res;
}
 
Here is an example of how to do this:
Code:
// The placeholder must not be inside quotes; the driver quotes the bound value itself.
PreparedStatement pstmt = con.prepareStatement("select * from bla where client = ?");
pstmt.setString(1, Client);
ResultSet rslt = pstmt.executeQuery();

--------------------------------------------------
Free Database Connection Pooling Software
 
In that case, why are you using PreparedStatement? You should be using CallableStatement.

 
Use a double '.

For each string that you use in a query, search for ' and put one more '.
For example:
Code:
// The doubled quote ('') is how an apostrophe is written inside a SQL string literal.
String query = "select ... from players where col_name = 'o''conner'";
 
fuadhamidov:

This really is not a good way of doing it because it is prone to SQL injection attacks.

Depending on how JDBC-compliant your driver is, the syntax should be:
Code:
CallableStatement cstmt = con.prepareCall("{ Clients(?) }");
cstmt.setString(1, Client);
ResultSet rslt = cstmt.executeQuery();


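As an added example (not code from anyone in this thread), here are the three approaches discussed above side by side: the original poster's string concatenation, fuadhamidov's doubled-quote escaping, and parameter binding as sedj recommends. It is written in Python against the standard-library sqlite3 module rather than JDBC so it runs without a database server; the clients table and the sample rows are constructed for the demo. Binding a value to a ? placeholder is exactly what PreparedStatement.setString / CallableStatement.setString do in Java.

```python
import sqlite3

# Constructed sample rows standing in for the thread's Clients data.
SAMPLE_CLIENTS = [
    (1, "o'conner", "Lisbon"),
    (2, "smith", "Porto"),
]


def make_db():
    """Create an in-memory database with a small clients table (constructed)."""
    con = sqlite3.connect(":memory:")
    con.execute("create table clients (id integer primary key, name text, city text)")
    con.executemany("insert into clients values (?, ?, ?)", SAMPLE_CLIENTS)
    return con


def lookup_concatenated(con, client):
    """Original poster's approach: splice the value into the SQL text.
    A ' inside the value closes the literal early, so the statement breaks
    (and a crafted value could change the statement's meaning)."""
    sql = "select id, name, city from clients where name = '" + client + "'"
    return con.execute(sql).fetchall()


def lookup_doubled(con, client):
    """fuadhamidov's workaround: double every quote before splicing.
    Handles the apostrophe, but every call site must remember to do it."""
    escaped = client.replace("'", "''")
    sql = "select id, name, city from clients where name = '" + escaped + "'"
    return con.execute(sql).fetchall()


def lookup_bound(con, client):
    """sedj's approach: a placeholder. The value travels separately from the
    SQL text, so quotes in it are data and never part of the statement."""
    sql = "select id, name, city from clients where name = ?"
    return con.execute(sql, (client,)).fetchall()


def demo(name="o'conner"):
    """Run all three lookups for a name containing an apostrophe and report
    what each one did."""
    con = make_db()
    results = {}
    try:
        results["concatenated"] = lookup_concatenated(con, name)
    except sqlite3.OperationalError as exc:
        # Expected: the apostrophe breaks the SQL syntax.
        results["concatenated"] = "error: " + str(exc)
    results["doubled"] = lookup_doubled(con, name)
    results["bound"] = lookup_bound(con, name)
    con.close()
    return results


if __name__ == "__main__":
    for approach, outcome in demo().items():
        print(approach, "->", outcome)
```

Running it shows the concatenated query failing with a syntax error while the other two return the o'conner row; the bound version does so without any escaping code in the application.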
 
What is the main difference between CallableStatement and PreparedStatement?
 
sedj:

With yours I got the error:
Microsoft][SQLServer 2000 Driver for JDBC]Invalid parameter binding(s).
 
Have you tried :

Code:
CallableStatement cstmt = con.prepareCall("{ call Clients[?]}");

or 

CallableStatement cstmt = con.prepareCall("{ exec Clients[?]}");

or 

CallableStatement cstmt = con.prepareCall("{ call Clients(?)}");

or 

CallableStatement cstmt = con.prepareCall("{ exec Clients(?)}");

Did you read the docs on it (the link I posted earlier)? What about your SQL Server documentation on the driver?

 
Yes, but I got the same error every time:
Microsoft][SQLServer 2000 Driver for JDBC]Invalid parameter binding(s).
 