Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
MySql, jsp 1
- Thread starter sensory21
- Start date
try out
private static String replaceTick(String text) {
return text.replace('\'', ' ');
}
and or regular expressions for a more usable function
___________________________________________________________________
The answer to your ??'s may be closer then you think.
Check out Tek-Tips knowledge bank by clicking the FAQ link at the top of the page
private static String replaceTick(String text) {
return text.replace('\'', ' ');
}
and or regular expressions for a more usable function
___________________________________________________________________
The answer to your ??'s may be closer then you think.
Check out Tek-Tips knowledge bank by clicking the FAQ link at the top of the page
- Thread starter
- #4
It's not working, the java function is ok it will replace the single quote by nothing but I want to keep the single quote and insert it into mysql database?
I need to keep the original layout of the name:
John's House
I used to use PHP and you could with a function insert the single quote in the database with a backslash.
Vero
I need to keep the original layout of the name:
John's House
I used to use PHP and you could with a function insert the single quote in the database with a backslash.
Vero
- Thread starter
- #6
No Sedj just now but I don't understand how do you insert John''s House
anyway John's House could be anything entered in a form by a company and the company name is contained in a variable so I'd like to have a solution in case of a single quote in the String variable company_name?
Vero
anyway John's House could be anything entered in a form by a company and the company name is contained in a variable so I'd like to have a solution in case of a single quote in the String variable company_name?
Vero
derrr... forgot to add teh quote to that replace
apologies!!
sensory21.. we could go into a whole long discussion of why you should do this let alone the errors that are genearted by allowing ' in your SQL
reading up on some SQL Injection will greatly help you understand reasoning and security concerns better though
doubling the up in simple terms allows for the unterminted string error for one.
when it comes to SQL and if you do not double them up what happens is your statements are cut and ended mostly at the single instance of the apostrpophe.
so if you had
INERT INTO tbl SET names = 'john's'
all you get is
INERT INTO tbl SET names = 'john'
in all the second escapes the first
more explanations
___________________________________________________________________
The answer to your ??'s may be closer then you think.
Check out Tek-Tips knowledge bank by clicking the FAQ link at the top of the page
apologies!!
sensory21.. we could go into a whole long discussion of why you should do this let alone the errors that are genearted by allowing ' in your SQL
reading up on some SQL Injection will greatly help you understand reasoning and security concerns better though
doubling the up in simple terms allows for the unterminted string error for one.
when it comes to SQL and if you do not double them up what happens is your statements are cut and ended mostly at the single instance of the apostrpophe.
so if you had
INERT INTO tbl SET names = 'john's'
all you get is
INERT INTO tbl SET names = 'john'
in all the second escapes the first
more explanations
___________________________________________________________________
The answer to your ??'s may be closer then you think.
Check out Tek-Tips knowledge bank by clicking the FAQ link at the top of the page
sedj
Programmer
- Aug 6, 2002
- 5,610
Code:
public class Test {
public static void main(String args[]) throws Exception {
Class.forName("com.mysql.jdbc.Driver").newInstance();
Connection conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/test");
for (int i = 0; i < 3; i++) {
aaa(conn, "Joh's hhh");
aaa(conn, "Joh's Dad's ouse");
aaa(conn, "Jack's Mother's Da'dss's ''' hhh");
}
conn.close();
}
public static void aaa(Connection conn, String value) throws Exception {
value = value.replaceAll("'", "''");
Statement s = conn.createStatement();
s.executeUpdate("insert into test values ('" +value +"')");
s.close();
}
}-
1
- #9
Hi,
It is always a problem, when inserting a value with ' into the DB. Not only with insert but also with Update and Select the values with '. Java Provides with PreparedStatement with this you can avoid the above problem when inserting or updating the values in a table.
If you use a Statement instead of PreparedStatement every String value that you are inserting should pass through a function which replaces the '. Its all about writing a single function. But still a pain and not sure.
When MySQL Driver supports PreparedStatment's why don't we make best use of it.
String sql = "INSERT INTO my_table (col_string) VALUES(?)";
PreparedStatement pstmt = connection.prepareStatement(sql);
// Set the value
pstmt.setString(1, "john's"
;
// Insert the row
pstmt.executeUpdate();
It is just a suggestion.
Cheers,
Venu
It is always a problem, when inserting a value with ' into the DB. Not only with insert but also with Update and Select the values with '. Java Provides with PreparedStatement with this you can avoid the above problem when inserting or updating the values in a table.
If you use a Statement instead of PreparedStatement every String value that you are inserting should pass through a function which replaces the '. Its all about writing a single function. But still a pain and not sure.
When MySQL Driver supports PreparedStatment's why don't we make best use of it.
String sql = "INSERT INTO my_table (col_string) VALUES(?)";
PreparedStatement pstmt = connection.prepareStatement(sql);
// Set the value
pstmt.setString(1, "john's"
;// Insert the row
pstmt.executeUpdate();
It is just a suggestion.
Cheers,
Venu
thanks Venu I was not a where of this built in function yet. It will absolutely benefit my development
* for the great tip
___________________________________________________________________
The answer to your ??'s may be closer then you think.
Check out Tek-Tips knowledge bank by clicking the FAQ link at the top of the page
* for the great tip
___________________________________________________________________
The answer to your ??'s may be closer then you think.
Check out Tek-Tips knowledge bank by clicking the FAQ link at the top of the page
- Thread starter
- #11
- Thread starter
- #12
- Thread starter
- #14
Hi Sedj,
thank you but it doesn't work, in the updateprovider.jsp the string val equals to null?
And in the address of the a href, it says:
updateprovider.jsp?
that's all, shouldn't it be:
updateprovider.jsp? id = 34
but the source code is ok, says id=34
Shouldn't I have an hidden input type?
Cheers,
Vero
thank you but it doesn't work, in the updateprovider.jsp the string val equals to null?
And in the address of the a href, it says:
updateprovider.jsp?
that's all, shouldn't it be:
updateprovider.jsp? id = 34
but the source code is ok, says id=34
Shouldn't I have an hidden input type?
Cheers,
Vero
- Thread starter
- #15
- Status
Similar threads