
InstantDB Project About InstantDB Project Mail Lists Short History Reporting Bugs Screen Shots 3rd Party Examples FAQs Software Downloads Documentation CVS Repositories Roadmap License

About Enhydra.org Who We Are News, Articles & Events Getting Involved Contact Us Community Demos Contributions Resources Case Studies On The Edge! -NEW- Commercial Vendors

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re:

To: <instantdb@smartcard.co.uk>
Subject: Re:
From: "Kevin Yank" <kyank@ibm.net>
Date: Mon, 1 Nov 1999 06:14:16 -0500
References: <001201bf2436$6bb63380$5c60dec2@ceasar.demon.co.uk>
Sender: owner-instantdb@smartcard.co.uk

Yes, I understand. However, if a string to be inserted in the database is
input by the user, then special characters (quotes, tabs, newlines,
backslashes) must be escaped with a backslash before the string can be used
in an SQL INSERT statement. Is there any existing method for
auto-backslashing a string, or is this something I'll have to handle
programmatically myself?

-Kevin Yank.

----- Original Message -----
From: "Peter Hearty" <peter.hearty@ceasar.demon.co.uk>
To: <instantdb@smartcard.co.uk>
Sent: Monday, November 01, 1999 1:50 AM
Subject: Re:


> Kevin
>
> In InstantDB you have to escape quotes in strings using a backslash: \" or
> \'. See types.html in your InstantDB docs for details.
>
> Regards
>
> Peter Hearty
> Instant Computer Solutions
> -----Original Message-----
> From: Kevin Yank <kyank@ibm.net>
> To: instantdb@smartcard.co.uk <instantdb@smartcard.co.uk>
> Date: 31 October 1999 16:21
>
>
> >Hi, there!
> >
> >The following code is fairly basic:
> >
> >  Statement statement = dbConnection.createStatement();
> >  String sqlQuery = "INSERT INTO Settings VALUES (\"UserName\", \"" +
name
> +
> >"\")";
> >  statement.executeUpdate(sqlQuery);
> >  statement.close();
> >
> >However, if the String object "name" contains a double quote ("), the
whole
> >thing comes crashing down. I seem to recall there being a simple way
around
> >this... Some automatic means of escape-encoding a String before plugging
it
> >into an SQL statement, perhaps?
> >
> >I know that using a prepared statement would work, but I'd like to avoid
> >this if possible in this case.
> >
> >-Kevin Yank.
> >
> >To unsubscribe from this list, please an send
> >email to 'majordomo@smartcard.co.uk' with the text
> >'unsubscribe instantdb' in the message body.
>
> To unsubscribe from this list, please an send
> email to 'majordomo@smartcard.co.uk' with the text
> 'unsubscribe instantdb' in the message body.
>

To unsubscribe from this list, please an send
email to 'majordomo@smartcard.co.uk' with the text
'unsubscribe instantdb' in the message body.

References:
- Re:
  - From: "Peter Hearty" <peter.hearty@ceasar.demon.co.uk>

Prev by Date: Re:
Next by Date: InstantDB version 3.10 - two versions
Prev by thread: Re:
Next by thread: Re:
Index(es):
- Mail Date Index
- Mail Thread Index