Little Question about JDBC & String Handling

06/29/2016 00:28 Liihes#1
The posts include apostrophes. So how do I suppress them while executing the SQL statement?
Code:
term.replaceAll("'", "''");
Should I use this or is there another good way?

Thanks for your help :)
Code:
String uString = txtString.getText();
String cString = uString.replaceAll("'", "''");
StringBuilder sb = new StringBuilder();

sb.append("UPDATE `tablename` SET ");

if (!cString.isEmpty()) {
    sb.append("colum='" + cString + "'");
}

sb.append(" WHERE .... ");
06/29/2016 01:20 Zunft#2
You should take a look at the JDBC Statement class. With Statements you're able to build and execute your SQL Statement.

When it comes to variables with special characters you should use PreparedStatement. The magic happens by not inserting the variables directly into the Statement String but passing them into the Statement String using Wildcards. This looks something like this:

Code:
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

private void updateTable(Connection con)
{
    // '?' is a Wildcard (bind parameter). It can only stand in for a value,
    // never for a table or column name, so those stay in the SQL text.
    String update = "UPDATE `tablename` SET `column` = ? WHERE [...]";

    // try-with-resources closes the statement when the block ends
    try (PreparedStatement stmt = con.prepareStatement(update))
    {
        //IMPORTANT: First index of wildcard is 1
        stmt.setString(1, "your special string");

        stmt.executeUpdate();
        con.commit(); // only needed when auto-commit was disabled on the connection
    }
    catch(SQLException e)
    {
        e.printStackTrace();
    }
}
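Putting the two posts together, here is an added example (not code from either poster) that does what post #1 tries to do, written the way post #2 suggests. It binds only values, since a `?` cannot stand in for a table or column name; the names `tablename` and `colum` come from post #1, while the `id` key column and the JDBC URL are assumed placeholders. The caveat on `replaceAll("'", "''")`: doubling apostrophes is the escape rule for a standard SQL string literal, but MySQL (which the backtick quoting suggests) also treats backslash as an escape character by default, so hand-escaping has to track the server dialect and its settings. A bind parameter sends the value separately from the SQL text and needs no escaping at all.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;

/**
 * Added example, not code from the thread. Updates one text column of one row
 * with a user-supplied value that may contain apostrophes, using a bind
 * parameter instead of hand-escaping with replaceAll("'", "''").
 *
 * Assumptions: table `tablename` with text column `colum` (names from post #1)
 * and an integer primary key `id`; the JDBC URL below is a placeholder.
 */
public class UpdateWithPreparedStatement {

    // Placeholder: replace with the real JDBC URL for your database.
    private static final String JDBC_URL = "jdbc:YOUR_DRIVER://host/db";

    /**
     * Returns the number of rows updated (0 or 1 for a primary-key match).
     * The SQL text is fixed; the value and the key travel through the '?'
     * markers, so "O'Brien" needs no escaping and a quote inside the value
     * cannot change the structure of the statement.
     */
    public static int updateColum(Connection con, int id, String newValue)
            throws SQLException {
        final String sql = "UPDATE `tablename` SET `colum` = ? WHERE `id` = ?";
        try (PreparedStatement stmt = con.prepareStatement(sql)) {
            stmt.setString(1, newValue); // bind indices start at 1, not 0
            stmt.setInt(2, id);
            return stmt.executeUpdate();
        }
    }

    /**
     * The optional-column case from post #1: only touch `colum` when the user
     * typed something. Which columns are set is decided by code against a
     * fixed statement; the values are still bound, never concatenated.
     * Returns -1 when there is nothing to update, which also avoids emitting
     * the invalid "UPDATE ... SET  WHERE ..." that post #1's code produces
     * for an empty input.
     */
    public static int updateIfPresent(Connection con, int id, String maybeValue)
            throws SQLException {
        if (maybeValue == null || maybeValue.isEmpty()) {
            return -1;
        }
        return updateColum(con, id, maybeValue);
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample inputs: both contain apostrophes that would break
        // a concatenated statement and that replaceAll would have to escape.
        String[] samples = { "O'Brien", "it's 'quoted' text", "" };

        // With auto-commit left on (the default) each executeUpdate commits
        // itself; con.commit() is only needed after con.setAutoCommit(false).
        try (Connection con = DriverManager.getConnection(JDBC_URL)) {
            int id = 1;
            for (String value : samples) {
                int rows = updateIfPresent(con, id, value);
                System.out.println("rows=" + rows + " for input: [" + value + "]");
            }
        }
    }
}
```

The statement text is a compile-time constant, which is the property worth checking in a code review: if the only way a user-controlled string can reach the database is through `setString`, the apostrophe question in post #1 disappears, along with the dialect-specific escaping rules.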
06/29/2016 01:38 Liihes#3
Quote:
Originally Posted by Mr. Boombastic
Question solved, close please :)
06/29/2016 10:05 Devsome#4
Quote:
Originally Posted by Liihes
Question solved, close please :)
#closed as requested