problem with passing query which has ' in it
1 posts in topic
Flat View  Flat View
Older Post First |   Reply to Topic
TOPIC ACTIONS:
 

Posted By:   gurpreet_ahluwalia
Posted On:   Monday, June 10, 2002 03:35 AM

i am facing a problem.....


String name="gurpreet's";



stmt=con.prepareStatement("select user from Table1 where user='"+name+"' ");


rs=stmt.executeQuery();

while(rs.next())

{

out.println(rs.getString("user"));

}



Now this throws Exception that sql statement not ended properly...

plz help me ...

Report | Quote This | Send private message | Reply | Print

Re: problem with passing query which has ' in it

Posted By:   Lasse_Koskela  
Posted On:   Monday, June 10, 2002 03:56 AM


You're already using PreparedStatement, which is a step in the right direction.


However, you should use the following convention for including strings with "'" characters:


String sql = "SELECT user FROM table1 WHERE user = ?";
pstmt = con.prepareStatement(sql);
pstmt.setString(1, "gurpreet's");
rs = pstmt.executeQuery();

The setString(int, String) is a safe way to include any kind of string into an SQL statement.

Report | Quote This | Send private message | Reply | Print
About | Sitemap | Contact