Re: Escaping strings?

You need to escape \ and ' but using setString() is the most portable
way of doing it. Escape them both with \. Something like this...

StringBuffer sbuf = new StringBuffer();
for(i = 0; i < str.length(); i++)
{
    char c = str.charAt(i);
    if(c == '\\' || c == '\'')
        sbuf.append((char)'\\');
    sbuf.append(c);
}

Cheers,

Tom.

On Mon, 2002-11-04 at 11:35, Timothy Reaves wrote:
>     Unfortunatly I can not do that, as the entire sql string is dynamically
> generated.  Is there no parseString() or escapeString() method?  If not,
> what charachers need escaping?
>
>     Thanks!
>
> On 04 Nov 2002 11:14:00 +0900
> "Thomas O'Dowd" <tom@nooper.com> wrote:
>
> > Use the setString() method of PreparedStatement and it will escape
> > things for you.
> >
> > Tom.
> >
> > On Mon, 2002-11-04 at 11:06, Timothy Reaves wrote:
> > >     What is the proper way to insure a text string (i.e. one read from
> > >     a
> > > JTextField.getText()) is propery escaped?  I assumed the JDBC driver
> > > would do this automatically, but it does not.  An ' character will
> > > cause the JDBC driver to throw an exception.
> > >
> > > ---------------------------(end of
> > > broadcast)--------------------------- TIP 5: Have you checked our
> > > extensive FAQ?
> > >
> > > http://www.postgresql.org/users-lounge/docs/faq.html
> > --
> > Thomas O'Dowd, CEO, Nooper.com - Mobile Services Inc., Tokyo, Japan
> > i-mode & FOMA consulting, development, testing: http://nooper.co.jp/
> >
>
> ---------------------------(end of broadcast)---------------------------
> TIP 6: Have you searched our list archives?
>
> http://archives.postgresql.org
--
Thomas O'Dowd, CEO, Nooper.com - Mobile Services Inc., Tokyo, Japan
i-mode & FOMA consulting, development, testing: http://nooper.co.jp/