| By Joseph Ottinger |
Article Rating: |
|
| January 1, 2000 12:00 AM EST |
Reads: |
30,278 |
It depends on the SQL backend you're using, and how sincere you are. Basically, you'd want to convert every single quote to be double-single-quotes (i.e., O'Donnell becomes O''Donnell), which means writing a custom function.
That's ugly, and unnecessary. (Aren't you glad?)
If you use PreparedStatements, the JDBC driver will escape all data for you, for the specific database you're using. (This is important, as some DBs don't follow the "double single-quotes" rule mentioned above.) Example code:
PreparedStatement ps=conn.prepareStatement("insert into names values (?)");
ps.setString(1, "O'Donnell");
ps.executeUpdate();
Reproduced with permission of http://java.enigmastation.com/index The Undernet #Java Knowledge Base
I am a software evangelist for GigaSpaces technologies, as well as a writer and musician. I've been the editor-in-chief of Java Developer's Journal and TheServerSide.
GigaSpaces Technologies is a leading provider of a new generation of application platforms for Java and .Net environments that offer an alternative to traditional application-servers. The company's eXtreme Application Platform (XAP) is a high-end application server, designed to meet the most demanding business requirements in a cost-effective manner. It is the only product that provides a complete middleware solution on a single, scalable platform. XAP is trusted by Fortune 100 companies, which leverage it as a strategic solution that enhances efficiency and agility across the IT organization.
Subscribe to JAVA Developer's Journal Email News Alerts
Subscribe via RSS
