Advice Me: which characters can make insert go wrong

bobd303 · #1 (**permalink**) 02-02-05, 00:46

hi,
I am creating a jsp app which will add some data to mysql tables.. Now if we enter some characters like single quote(') it will create error while inserting/updating the db..
I would like to know what can i do for that.. Also what all characters like single quotes can create problem in updation of db..
thanks

r937 · #2 (**permalink**) 02-02-05, 06:27

single quote is the only problem

replace each single quote in the text with two consecutive single quotes

e.g. to insert the name O'Toole,

insert into names (name) values ( 'O''Toole' )

bobd303 · #3 (**permalink**) 02-02-05, 06:33

thanks buddy

rbstern · #4 (**permalink**) 02-07-05, 22:07

It is good practice, anytime you update or insert strings into a SQL database, to pass the values through a function that handles the quotes. Example, in ASP I do something this:

function f_SafeQuotes(inputstring)
f_SafeQuotes = replace(inputstring," ' ", " '' ")
end function

...

conn.execute "insert into test (ID,name) values (1," & f_SafeQuotes(namevar) & ")"

bobd303 · #5 (**permalink**) 02-08-05, 09:03

that is a good idea.. infact now i am doing the same.. thanks

Internet Services

Web Development

Digital Marketing

Consumer Tech