Hi Tony,
I'm not sure if it's any help but I had the same kind of problem when
writing the user signup code in PHP for the techdocs site.
In PHP there's a set of functions called rawurlencode() and
rawurldecode() which take an input string (i.e. D'Arcy Cain) then make
it URL encodes i.e. D%28Arcy%20Cain (not sure about the value numbers
there). I just rawurlencode() everything after receiving it, use the
URL encoded version everywhere in the code for safety, then before
displaying it run the output through rawurldecode().
This way I never have to worry about the user input, as the only
characters that are ever there are alpha's and the % character. Not
doing LIKE queries so it's all good.
If Java has a method to URL encode stuff then it might be the way to
go. It does mean you have to enlarge your column widths though.
:-)
Regards and best wishes,
Justin Clift
tony wrote:
>
> I have localized the source of my problem.
>
> Macromedia Ultradev is JSP 1.0
> The previous version of Tomcat I was running was also JSP 1.0. The
> escaping of single quotes in sql queries was handles automagically.
>
> Moving to Tomcat 3.2 and Tomcat 4.x I am now running a JSP 1.1 or 1.2
> container. Now the escaping seems to be handled by a jakarta taglib. The
> other solution seems to be - manually modify the JSP source to put "
> around the insert statements.
>
> Cheers
>
> Tony Grant
>
> --
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: if posting/reading through Usenet, please send an appropriate
> subscribe-nomail command to majordomo@postgresql.org so that your
> message can get through to the mailing list cleanly
--
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
