Little Question about JDBC & String Handling

Liihes · 06/29/2016, 00:28

The posts are including apostrophes. So how to suppress them while executing the SQL Statement?

Code:

 term.replaceAll("'","''");

Should I use this or is there another good way?

Thanks for your help

Code:

	
String uString = txtString.getText();
String cString = uString .replaceAll("'","''");
StringBuilder sb = new StringBuilder();

		sb.append("UPDATE `tablename` SET ");

		if (!cString.isEmpty()) {
			sb.append("colum='" + cString+ "'");
		}

                sb.append(" WHERE .... ";");

Zunft · 06/29/2016, 01:20

You should take a look at

. With Statements you're able to build and execute your SQL Statement.

When it comes to variables with special characters you should use

. The magic happens by not inserting the variables directly in the Statment String but parsing them into the Statement String using Wildcards. This looks somehow like this:

Code:

private void updateTable(Connection con)
{
    PreparedStatement stmt = null;
    //'?' is a Wildcard 
    String update = "UPDATE ? SET [...]";

    try
    {
        stmt = con.prepareStatement(update);
        //IMPORTANT: First index of wildcard is 1
        stmt.setString(1, "your special string");

        stmt.executeUpdate();
        con.commit();
    }
    catch(SQLException e)
    {
        e.printStackTrace();
    }
}

Liihes · 06/29/2016, 01:38

Quote:
Originally Posted by Mr. Boombastic
Spoiler
You should take a look at . With Statements you're able to build and execute your SQL Statement.

When it comes to variables with special characters you should use . The magic happens by not inserting the variables directly in the Statment String but parsing them into the Statement String using Wildcards. This looks somehow like this:
Code:
private void updateTable(Connection con)
{
    PreparedStatement stmt = null;
    //'?' is a Wildcard 
    String update = "UPDATE ? SET [...]";

    try
    {
        stmt = con.prepareStatement(update);
        //IMPORTANT: First index of wildcard is 1
        stmt.setString(1, "your special string");

        stmt.executeUpdate();
        con.commit();
    }
    catch(SQLException e)
    {
        e.printStackTrace();
    }
}

Question solved, close please

Devsome · 06/29/2016, 10:05

Quote:

Originally Posted by Liihes

Question solved, close please

#closed as request