Dealing with SQL special characters with Java
I am writing a program to convert the information read from a url into an "INSERT" statement so as that I can use this information on my own page. The problem is that I am saving some of the HTML tags i.e. <table>, as Strings. So for example....
String table1 =
"<table width="100%" border="0" cellspacing="0" cellpadding="0" class="table_border">
I then want to insert this string into a field in a database however, the quotation marks (") prevent the string from being read as a whole string! SQL interprets them as operators and doesnt know what to do. I know that Perl has a function to deal with this - I think its the escape function - but i was wondering is there a way similar to do it in java without having to go through each quotation mark and deal with them seperately as i have a lot of code.
e.g. Srting table1 = "......";
String escaped_table1 = table1.escape();
.... Insert into db values (escaped_table1);
Thanks in advance for your help!!!
Try \" for the inner quotations that are part of the string. i think.
Last edited by Phaelax; 07-13-2005 at 02:49 AM.
Try replacing them with apostrophes (') or escape them (\").
Thanks, but I thought of doing that already. The thing is that with all the <," and = characters it becomes very messy. Was just hoping someone would know of a way to feed the string into a function like an escape() function that would do it automatically. There is one in Perl so i thought there might be one in Java.
If you wanted to go the apostrophe route then java.lang.String has a replace() method that would do the job in one call.
str2 = str1.replace('"', ''');
There's something similar that works with StringBuffers so it would be a little more efficient.
-- Android Development Center
-- Cloud Development Project Center
-- HTML5 Development Center
-- Windows Mobile Development Center