The following code is fairly basic:
Statement statement = dbConnection.createStatement();
String sqlQuery = "INSERT INTO Settings VALUES (\"UserName\", \"" + name +
However, if the String object "name" contains a double quote ("), the whole
thing comes crashing down. I seem to recall there being a simple way around
this... Some automatic means of escape-encoding a String before plugging it
into an SQL statement, perhaps?
I know that using a prepared statement would work, but I'd like to avoid
this if possible in this case.
To unsubscribe from this list, please an send
email to 'firstname.lastname@example.org' with the text
'unsubscribe instantdb' in the message body.