== QUESTION: stringProcessor.protectFromEscape( String[] a, String b ) off the shelf ?? - please read ==

Posted By:   laeticia_corlean
Posted On:   Thursday, October 10, 2002 01:35 AM


Hi,


I am dealing with JDBC at the moment.
My problem was that if I want to update a text row, I had to be careful that the text I want to assign does not contain escape characters.

For instance, if I want to modify the row "name" where the current value is "corlean" by "Mc' Donald" (note the <'> character here) I would run a query like this:



String query = "UPDATE TABLE users SET name = 'Mc' Donals' WHERE name = 'corlean'";


Note that the part of the query showing problems is the following: name = 'Mc' Donals' precisely because the string contains <'>, which is a character to be escaped.


My question is the following: Is there a method/class off the shelf that I could use to escape characters?

Something like:


String sequencesToBeEscaped[] = { "'", "\"", "this has to be escaped too!" }; // The list of sequences to be escaped

String escapeChar = ""; // The escape character to be used

StringProcessor stringProcessor = new StringProcessor( sequencesToBeEscaped, escapeChar );

String protectedString = stringProcessor.protectFromEscape();

Thanks!!!!


Re: == QUESTION: stringProcessor.protectFromEscape( String[] a, String b ) off the shelf ?? - please read ==

Posted By:   Stephen_Ostermiller  
Posted On:   Friday, October 11, 2002 05:50 AM

There are more than just ' and that need to be escaped to make SQL safe. I wrote a function that escapes SQL safely as part of my StringHelper class:
http://ostermiller.org/utils/StringHelper.html

Re: == QUESTION: stringProcessor.protectFromEscape( String[] a, String b ) off the shelf ?? - please read ==

Posted By:   Adrian_K  
Posted On:   Thursday, October 10, 2002 03:24 AM

You can 'escape the characters, so the query will be: "UPDATE TABLE users SET name = 'Mc\' Donals' WHERE name = 'corlean'";....

But if you can use Prepared Statements you don't need to worry about these things...The driver/s do this work for you...even if you change your DB engine.....
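
The prepared-statement approach suggested above, applied to the thread's `users` update, as an added example that is not part of any poster's message: both values are bound with `setString`, so no escaping routine is needed and a quote in the new name cannot end the SQL string literal. Assumptions: the class and method names are hypothetical, the table is created here for the demo, and an H2 in-memory driver is on the classpath (any other JDBC URL can be passed as the first argument).

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class RenameUser {
    // Bind both values as parameters; the driver sends them as data,
    // separate from the SQL text, whatever characters they contain.
    static int rename(Connection con, String oldName, String newName) throws SQLException {
        String sql = "UPDATE users SET name = ? WHERE name = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, newName);
            ps.setString(2, oldName);
            return ps.executeUpdate(); // number of rows changed
        }
    }

    // Check that a value was stored literally, again with a bound parameter.
    static boolean exists(Connection con, String name) throws SQLException {
        try (PreparedStatement ps = con.prepareStatement("SELECT 1 FROM users WHERE name = ?")) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: in-memory H2 database unless another JDBC URL is given.
        String url = args.length > 0 ? args[0] : "jdbc:h2:mem:demo";
        try (Connection con = DriverManager.getConnection(url)) {
            try (Statement st = con.createStatement()) {
                st.execute("CREATE TABLE users (name VARCHAR(64))");
                st.execute("INSERT INTO users (name) VALUES ('corlean')");
            }
            // Constructed inputs: the name from the thread, a value shaped
            // like SQL, and one containing a backslash and double quotes.
            String[] names = { "Mc' Donald", "x' OR '1'='1", "back\\slash \"quoted\"" };
            String current = "corlean";
            for (String next : names) {
                int rows = rename(con, current, next);
                System.out.println(rows + " row -> " + next + " stored=" + exists(con, next));
                current = next;
            }
        }
    }
}
```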

Re: == QUESTION: stringProcessor.protectFromEscape( String[] a, String b ) off the shelf ?? - please read ==

Posted By:   laeticia_corlean  
Posted On:   Thursday, October 10, 2002 02:54 AM

I just learned that the query sent to a JDBC driver could include the "escape" statement in order to deal with those annoying SQL related escape characters.

Have a look at your JDBC driver documentation for more info :o)