From: | David Johnston <polobo(at)yahoo(dot)com> |
---|---|
To: | pgsql-jdbc(at)postgresql(dot)org |
Subject: | Re: single quotation confusion |
Date: | 2013-04-07 01:10:44 |
Message-ID: | 1365297044098-5751093.post@n5.nabble.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-jdbc |
R10 wrote
> i am connecting a postgresql database to a netbeans form , and when i try
> to execute a query which includes a string entered through a Jtextfield
> that contain the special charachter " ' " it reads it as a single
> quotation
> for example if a String txt = "it's cold" and to be inserted into a sql
> query "insert into test values ('"+txt+"')";
> it gives me
> syntax error at or near "s"
>
> any ideas how to solve that problem ??
In short you do not build queries by directly concatenating user-supplied
data. You use a PREPARED STATEMENT with placeholders and then use the
setXXX methods to map the data.
SQL: INSERT INTO test VALUES (?)
Others may be able to provide more concrete suggestions but otherwise find
some books/articles on database programming in Java. This is not a
PostgreSQL specific topic/solution. I've known this for so long now I
really cannot point you to any educational materials.
David J.
--
View this message in context: http://postgresql.1045698.n5.nabble.com/single-quotation-confusion-tp5751065p5751093.html
Sent from the PostgreSQL - jdbc mailing list archive at Nabble.com.
From | Date | Subject | |
---|---|---|---|
Next Message | Kevin Grittner | 2013-04-07 14:11:22 | Re: single quotation confusion |
Previous Message | R10 | 2013-04-06 15:18:12 | single quotation confusion |