Quotes in SQL string
I have to pass a string of SQL from a Java class to call a Sybase stored procedure. Everything's working well, except for when the input fields contain quote marks. Then, the SQL ends up something like:
    MyProc 'My House', 'Your House', 'John's House'
which obviously doesn't work. It's valid for quote marks to be included in these information fields, so I have to allow it... how can I avoid these characters messing up my carefully crafted SQL?
Many thanks in advance, DaveMere
Last edited by DaveMere; 04-07-2005 at 11:58 AM.
Use a StringBuffer to remove the quotes. Something like...
    StringBuffer theString = new StringBuffer(yourString);
    int index = theString.indexOf("\'");
    // Delete each single quote until none remain.
    while (index != -1) {
        theString.deleteCharAt(index);
        index = theString.indexOf("\'");
    }
If you don't want to do that you could just check the string for quotes and any other characters you don't want in there, and if they're there tell the user to do it again.
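An alternative to stripping or rejecting quotes, shown as an added example that is not part of the original posts: bind the values as parameters through JDBC's CallableStatement, so a quote inside a field is sent as data and never becomes part of the SQL text. The class name MyProcCaller and the method names are hypothetical, and the code assumes that MyProc takes three string inputs and that `conn` is an already open connection to the Sybase server.

```java
import java.sql.CallableStatement;
import java.sql.Connection;
import java.sql.SQLException;

// Hypothetical class for illustration; MyProc is the procedure from the question.
public class MyProcCaller {

    // The approach from the question: values are pasted into the SQL text,
    // so a quote inside a value ends the string literal early.
    static String buildByConcatenation(String a, String b, String c) {
        return "MyProc '" + a + "', '" + b + "', '" + c + "'";
    }

    // Bound parameters: the SQL text is fixed and the driver sends each value
    // as data, so quotes need no removal or escaping and arrive intact.
    // Assumes MyProc accepts three string inputs and conn is already open.
    static void callMyProc(Connection conn, String a, String b, String c)
            throws SQLException {
        // JDBC escape syntax for a stored procedure call with three inputs.
        try (CallableStatement cs = conn.prepareCall("{call MyProc(?, ?, ?)}")) {
            cs.setString(1, a);
            cs.setString(2, b);
            cs.setString(3, c);
            cs.execute();
        }
    }

    public static void main(String[] args) {
        // Constructed sample input, taken from the question's own example.
        // The printed statement has an unbalanced quote after "John".
        String broken = buildByConcatenation("My House", "Your House", "John's House");
        System.out.println(broken);
        // With a live connection, the same values go through unchanged:
        // callMyProc(conn, "My House", "Your House", "John's House");
    }
}
```

Because the statement text never contains user input, the same call also keeps a field value from being interpreted as SQL, which removing or rejecting individual characters does not guarantee.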