Question

SQL Question :
from java program I need to store a single quotation ..
I mean something like that :
exeQuery("insert into tableName values (1 , 'hello')");
but if we put another word instead hello containing single quotation it makes exceptions
like the word don't
so how to do that ?

Answer 1

don't has a ' in it which has to be countered by putting a \ before it if I remember correctly.
exeQuery("insert into tableName values (1 , 'don\'t')");

Answer 2

Thanks that's right but I don't know when the single quotation will appear
I mean : the user will enter some data and I'll use them in the query

Answer 3

Try use a loop for the input and go through each character to detect if there is a ' and just add a \ before it. Cant find if there is a class in Java to do that unlike PHP which has magicquotes(data)

Answer 4

Thanks a lot
I should check for ' and for "
I thought there is more efficient way
I googled and found something called "PreparedStatement" but I didn't know how to deal with it
anyway thanks very much :)

Answer 5

I find the most effective ways (not only java) is to have a function to check all input, make sure it is correct and to remove symbols that are incorrect.

Answer 6

What you need to do is "sanitize" the input. That will ensure the program works correctly and also protect you from SQL injection attacks. I'm not sure if Java or the SQL interface you're using has a built-in function to sanitize SQL input but you should be able to find one. Best to use one that's proven to be secure because it can be tricky to write your own.

Answer 7

From what I can tell, the input would never be read by jquery. The only thing read in the java program would be the name of the variable. Please correct me if I am wrong.

Answer 8

Thanks all ..
@ronnoceel : Yes that's right I'll read the input by a variable then i'll pass it to the query