Hi, there!
The following code is fairly basic:
    Statement statement = dbConnection.createStatement();
    String sqlQuery = "INSERT INTO Settings VALUES (\"UserName\", \"" + name + "\")";
    statement.executeUpdate(sqlQuery);
    statement.close();
However, if the String object "name" contains a double quote ("), the whole
thing comes crashing down. I seem to recall there being a simple way around
this... Some automatic means of escape-encoding a String before plugging it
into an SQL statement, perhaps?
I know that using a prepared statement would work, but I'd like to avoid
this if possible in this case.
-Kevin Yank.
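
The concatenation from the message beside the prepared-statement form it mentions, as an added example that is not part of the original message. The class and method names are hypothetical, the sample name is constructed, and a two-column Settings table is assumed.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class SettingsWriter {

    // The concatenation from the message: the value becomes part of the SQL text,
    // so a double quote inside it ends the string literal early.
    static String concatenated(String name) {
        return "INSERT INTO Settings VALUES (\"UserName\", \"" + name + "\")";
    }

    // Parameterized form: the SQL text is fixed and the value is bound separately,
    // so quote characters in it are never parsed as SQL.
    static int saveUserName(Connection db, String name) throws SQLException {
        String sql = "INSERT INTO Settings VALUES (?, ?)";
        try (PreparedStatement ps = db.prepareStatement(sql)) {
            ps.setString(1, "UserName");
            ps.setString(2, name);
            return ps.executeUpdate(); // number of rows inserted
        }
    }

    public static void main(String[] args) throws SQLException {
        String name = "Jo \"JJ\" Smith"; // constructed sample value with double quotes

        // No database needed: print the statement text the concatenation produces.
        // The literal closes after "Jo " and the rest is parsed as SQL.
        System.out.println(concatenated(name));

        // Assumption: when a JDBC URL is passed as the first argument, the driver
        // is on the classpath and the Settings table already exists.
        if (args.length > 0) {
            try (Connection db = DriverManager.getConnection(args[0])) {
                System.out.println(saveUserName(db, name) + " row(s) inserted");
            }
        }
    }
}
```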