Re: Escaping strings? - Mailing list pgsql-jdbc

From Thomas O'Dowd
Subject Re: Escaping strings?
Msg-id 1036378369.13828.29.camel@beast.uwillsee.com
In response to Re: Escaping strings?  (Timothy Reaves <treaves@silverfields.com>)
Responses Re: Escaping strings?  ("Chris White" <cjwhite@cisco.com>)
List pgsql-jdbc
You need to escape \ and ' but using setString() is the most portable
way of doing it. Escape them both with \. Something like this...

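// str is the raw input string; the escaped result is sbuf.toString()
StringBuffer sbuf = new StringBuffer();
for(int i = 0; i < str.length(); i++)
{
    char c = str.charAt(i);
    // prefix each backslash and single quote with a backslash
    if(c == '\\' || c == '\'')
        sbuf.append('\\');
    sbuf.append(c);
}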

Cheers,

Tom.

On Mon, 2002-11-04 at 11:35, Timothy Reaves wrote:
>     Unfortunately I can not do that, as the entire sql string is dynamically
> generated.  Is there no parseString() or escapeString() method?  If not,
> what characters need escaping?
>
>     Thanks!
>
> On 04 Nov 2002 11:14:00 +0900
> "Thomas O'Dowd" <tom@nooper.com> wrote:
>
> > Use the setString() method of PreparedStatement and it will escape
> > things for you.
> >
> > Tom.
> >
> > On Mon, 2002-11-04 at 11:06, Timothy Reaves wrote:
> > >     What is the proper way to ensure a text string (i.e. one read from
> > > a JTextField.getText()) is properly escaped?  I assumed the JDBC driver
> > > would do this automatically, but it does not.  An ' character will
> > > cause the JDBC driver to throw an exception.
> > >
> > > ---------------------------(end of broadcast)---------------------------
> > > TIP 5: Have you checked our extensive FAQ?
> > >
> > > http://www.postgresql.org/users-lounge/docs/faq.html
> > --
> > Thomas O'Dowd, CEO, Nooper.com - Mobile Services Inc., Tokyo, Japan
> > i-mode & FOMA consulting, development, testing: http://nooper.co.jp/
> >
>
> ---------------------------(end of broadcast)---------------------------
> TIP 6: Have you searched our list archives?
>
> http://archives.postgresql.org
--
Thomas O'Dowd, CEO, Nooper.com - Mobile Services Inc., Tokyo, Japan
i-mode & FOMA consulting, development, testing: http://nooper.co.jp/
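
The thread above turns on the SQL string being generated dynamically; the sketch below is an added example, not code from this thread, showing that a dynamically assembled statement can still use `?` placeholders and bind every value with setString(). The class name, the table `person` and its columns are hypothetical.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

public class DynamicQuery {
    // Hypothetical table and columns. Identifiers cannot be bound as
    // parameters, so they are checked against a fixed allowlist instead.
    private static final Set<String> COLUMNS = Set.of("first_name", "last_name", "city");

    final StringBuilder sql = new StringBuilder("SELECT id FROM person");
    final List<String> params = new ArrayList<>();

    // Appends "column = ?" and remembers the value for later binding.
    DynamicQuery where(String column, String value) {
        if (!COLUMNS.contains(column))
            throw new IllegalArgumentException("unknown column: " + column);
        sql.append(params.isEmpty() ? " WHERE " : " AND ").append(column).append(" = ?");
        params.add(value);
        return this;
    }

    // Binds every collected value with setString(); the driver does the quoting.
    PreparedStatement prepare(Connection conn) throws SQLException {
        PreparedStatement ps = conn.prepareStatement(sql.toString());
        for (int i = 0; i < params.size(); i++)
            ps.setString(i + 1, params.get(i)); // JDBC parameter indexes are 1-based
        return ps;
    }

    public static void main(String[] args) {
        // Constructed sample input, as if read from JTextField.getText().
        Map<String, String> form = new LinkedHashMap<>();
        form.put("last_name", "O'Dowd");
        form.put("city", "C:\\temp");
        DynamicQuery q = new DynamicQuery();
        form.forEach(q::where);
        // The SQL text contains only placeholders; the values travel separately.
        System.out.println(q.sql);
        System.out.println(q.params);
    }
}
```

Binding also avoids depending on how the server treats backslashes inside '...' literals, which in PostgreSQL is governed by the standard_conforming_strings setting.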

