InstantDB Project
About InstantDB
Project Mail Lists
Short History
Reporting Bugs
Screen Shots
3rd Party Examples
FAQs

Software
Downloads
Documentation
CVS Repositories
Roadmap
License

About Enhydra.org
Who We Are
News, Articles & Events
Getting Involved
Contact Us

Community
Demos
Contributions
Resources
Case Studies
On The Edge! -NEW-
Commercial Vendors


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

No Subject


Hi, there!

The following code is fairly basic:

  Statement statement = dbConnection.createStatement();
  String sqlQuery = "INSERT INTO Settings VALUES (\"UserName\", \"" + name +
"\")";
  statement.executeUpdate(sqlQuery);
  statement.close();

However, if the String object "name" contains a double quote ("), the whole
thing comes crashing down. I seem to recall there being a simple way around
this... Some automatic means of escape-encoding a String before plugging it
into an SQL statement, perhaps?

I know that using a prepared statement would work, but I'd like to avoid
this if possible in this case.

-Kevin Yank.

To unsubscribe from this list, please an send
email to 'majordomo@smartcard.co.uk' with the text
'unsubscribe instantdb' in the message body.