Discussions

Web tier: servlets, JSP, Web frameworks: Newbie question... plz help!

Bookmark and Share Get thread feed

  1. Newbie question... plz help! (2 messages)

    how can parse a string before inserting it into a database (filter quotes...)? in php there is a function called add_slashes/strip_slashes... anything similar in java???
    Reply to this

    Threaded Messages (2)

  2. Newbie question... plz help![ Go to top ]

    you should use prepared statements. when you use the setString method, things get automatically escaped. i have a method that does it for you. it's not pretty but if you don't want to learn prepared statements, then let me know and i'll post it here...

    after you get your connection,

    // ugly code starts here
    import java.util.StringBuffer;
    import java.sql.*;

    .
    .
    .

    // build a query
    StringBuffer buf = new StringBuffer(1024);
    buf.append("INSERT INTO person ");
    buf.append("(name, age, quote) ");
    buf.append("VALUES(?, ?, ?) ");

    String quote = "i ain't don't can't won't english";


    // prepare our variables
    PreparedStatement pstmt = null;
    Connection con = null;

    try {

      // get database connection, don't use this code
      // sample only =p
      con = pool.getConnection();

      // prepare statement
      pstmt = con.prepareStatement(buf.toString());
      
      // now set parameters
      pstmt.clearParameters();
      
      pstmt.setString(1, 'Joseph'); // name
      pstmt.setInt(2, 18); // age
      pstmt.setString(3, quote); // aha! quote

      // the string quote gets auto-escaped

      pstmt.execute();
      pstmt.close();
      con.close();
    } catch (SQLException ex) {
      System.out.println("WTF!!! =(");
    }
    Reply to this Reply to original

  3. Newbie question... plz help![ Go to top ]

    thanks a lot! now it's working great...
    Reply to this Reply to original