Quotes in SQL string


DevX Home    Today's Headlines   Articles Archive   Tip Bank   Forums   

Results 1 to 2 of 2

Thread: Quotes in SQL string

  1. #1
    Join Date
    Mar 2005
    Location
    London
    Posts
    18

    Quotes in SQL string

    Hi there,

    I have to pass a string of SQL from a java class to call a Sybase stored procedure. Everything's working well, except for when the input fields contain quote marks. Then, the SQL ends up something like;
    MyProc 'My House', 'Your House', 'John's House'
    which obviously doesn't work. It's valid for quote marks to be included in these information fields, so I have to allow it . . . how can I avoid these characters messing up my carefully crafted SQL?

    Many thanks in advance, DaveMere
    Last edited by DaveMere; 04-07-2005 at 12:58 PM.

  2. #2
    Join Date
    Feb 2004
    Posts
    541
    Use a StringBuffer to remove the quotes. Something like...

    Code:
    StringBuffer theString = new StringBuffer(yourString);
    int index = theString.indexOf("\'");
    
    while(index != -1)
    {
        theString.deleteCharAt(index);
        index = theString.indexOf("\'");
    }
    If you don't want to do that you could just check the string for quotes and any other characters you don't want in there, and if they're there tell the user to do it again.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center
 
 
FAQ
Latest Articles
Java
.NET
XML
Database
Enterprise
Questions? Contact us.
C++
Web Development
Wireless
Latest Tips
Open Source


   Development Centers

   -- Android Development Center
   -- Cloud Development Project Center
   -- HTML5 Development Center
   -- Windows Mobile Development Center