Handling apostrophes

2001-10-22 Thread dave . prout

Hi all,

I'm developing an application which uses java servlets and JSPs and
a MySQL database running on Tomcat 4.0.

I take user input, store it on the db, then display it again. As
soon as someone tried inputting an apostrophe, it all fell over. It seems
that I have to encode and decode every single text field. Is this correct,
or is there a better way?

Thanks

Dave






Re: Handling apostrophes

2001-10-22 Thread David Treves

Hi there,

you should simply duplicate in every input string the apostrophe.

Meaning that if the input string is:

eee'eee

after manipulating it - BEFORE inserting it to the DB it will be:

eee''eee  (  ' twice, NOT A double quote)

in the DB it will appear as SINGLE apostrophe.


That will work!  :o)
David.

- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, October 22, 2001 10:55 AM
Subject: Handling apostrophes


> Hi all,
>
> I'm developing an application which uses java servlets and JSPs and
> a MySQL database running on Tomcat 4.0.
>
> I take user input, store it on the db, then display it again. As
> soon as someone tried inputting an apostrophe, it all fell over. It seems
> that I have to encode and decode every single text field. Is this correct,
> or is there a better way?
>
> Thanks
>
> Dave
>
>




RE: Handling apostrophes

2001-10-22 Thread Deacon Marcus

Hi,
Try using prepared statements. They allow parameters, so basically you
define a query with parameters, then set parameter values, and jdbc takes
care of all char-quoting.

Greetings, deacon Marcus

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Monday, October 22, 2001 10:55 AM
> To: [EMAIL PROTECTED]
> Subject: Handling apostrophes
>
>
> Hi all,
>
>   I'm developing an application which uses java servlets and JSPs and
> a MySQL database running on Tomcat 4.0.
>
>   I take user input, store it on the db, then display it again. As
> soon as someone tried inputting an apostrophe, it all fell over. It seems
> that I have to encode and decode every single text field. Is this correct,
> or is there a better way?
>
> Thanks
>
> Dave
>
>
>




RE: Handling apostrophes

2001-10-22 Thread dave . prout

So what would the input statement look like?

Dave 



-Original Message-
From: Deacon Marcus [mailto:[EMAIL PROTECTED]]
Sent: 22 October 2001 10:23
To: tomcat-user
Subject: RE: Handling apostrophes


Hi,
Try using prepared statements. They allow parameters, so basically you
define a query with parameters, then set parameter values, and jdbc takes
care of all char-quoting.

Greetings, deacon Marcus

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Monday, October 22, 2001 10:55 AM
> To: [EMAIL PROTECTED]
> Subject: Handling apostrophes
>
>
> Hi all,
>
>   I'm developing an application which uses java servlets and JSPs and
> a MySQL database running on Tomcat 4.0.
>
>   I take user input, store it on the db, then display it again. As
> soon as someone tried inputting an apostrophe, it all fell over. It seems
> that I have to encode and decode every single text field. Is this correct,
> or is there a better way?
>
> Thanks
>
> Dave
>
>
>



RE: Handling apostrophes

2001-10-22 Thread dave . prout

Sounds like a bigger overhead than encode

Dave 



-Original Message-
From: David Treves [mailto:[EMAIL PROTECTED]]
Sent: 22 October 2001 10:09
To: tomcat-user
Subject: Re: Handling apostrophes


Hi there,

you should simply duplicate in every input string the apostrophe.

Meaning that if the input string is:

eee'eee

after manipulating it - BEFORE inserting it to the DB it will be:

eee''eee  (  ' twice, NOT A double quote)

in the DB it will appear as SINGLE apostrophe.


That will work!  :o)
David.

- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, October 22, 2001 10:55 AM
Subject: Handling apostrophes


> Hi all,
>
> I'm developing an application which uses java servlets and JSPs and
> a MySQL database running on Tomcat 4.0.
>
> I take user input, store it on the db, then display it again. As
> soon as someone tried inputting an apostrophe, it all fell over. It seems
> that I have to encode and decode every single text field. Is this correct,
> or is there a better way?
>
> Thanks
>
> Dave
>
>



RE: Handling apostrophes

2001-10-22 Thread Chandramouli Nagarajan

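Not really a big overhead,
this piece of code would do that...

// requires: import java.util.StringTokenizer;
public String padApos(String toPad)
{
    // Split on apostrophes and rejoin the pieces with a doubled apostrophe.
    // StringTokenizer skips empty tokens, so leading, trailing or adjacent
    // apostrophes in toPad are dropped rather than doubled.
    StringTokenizer tokenizer = new StringTokenizer(toPad, "'");
    String retVal = new String("");
    while (tokenizer.hasMoreTokens())
    {
        retVal += tokenizer.nextToken() + "''";
    }
    // Remove the extra "''" appended after the last token.
    retVal = retVal.substring(0, retVal.length() - 2);
    return retVal;
}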




Re: Handling apostrophes

2001-10-22 Thread David Treves

do you believe that replacement of one char in a string with two chars costs
more than encoding the string?

David.

btw, I believe that prepared statements may solve that issue the best way,
that's in case you do not use JdbcOdbcBridge, from my experience I studied
that it doesn't update varchar fields properly, make sure it won't happen to
you.

Good luck!   :o)


- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, October 22, 2001 11:33 AM
Subject: RE: Handling apostrophes


> Sounds like a bigger overhead than encode
>
> Dave
>
>
>
> -Original Message-
> From: David Treves [mailto:[EMAIL PROTECTED]]
> Sent: 22 October 2001 10:09
> To: tomcat-user
> Subject: Re: Handling apostrophes
>
>
> Hi there,
>
> you should simply duplicate in every input string the apostrophe.
>
> Meaning that if the input string is:
>
> eee'eee
>
> after manipulating it - BEFORE inserting it to the DB it will be:
>
> eee''eee  (  ' twice, NOT A double quote)
>
> in the DB it will appear as SINGLE apostrophe.
>
>
> That will work!  :o)
> David.
>
> ----- Original Message -
> From: <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, October 22, 2001 10:55 AM
> Subject: Handling apostrophes
>
>
> > Hi all,
> >
> > I'm developing an application which uses java servlets and JSPs and
> > a MySQL database running on Tomcat 4.0.
> >
> > I take user input, store it on the db, then display it again. As
> > soon as someone tried inputting an apostrophe, it all fell over. It seems
> > that I have to encode and decode every single text field. Is this correct,
> > or is there a better way?
> >
> > Thanks
> >
> > Dave
> >
> >




RE: Handling apostrophes

2001-10-22 Thread Michael Weissenbacher

well this piece of code will work, but you should implement it with
StringBuffer, not with String as Strings are immutable and with every +=
you are allocating a new String and copying everything, which can become a
great overhead.

michael

-Original Message-
From: Chandramouli Nagarajan [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 22, 2001 11:26 AM
To: '[EMAIL PROTECTED]'
Subject: RE: Handling apostrophes


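Not really a big overhead,
this piece of code would do that...

// requires: import java.util.StringTokenizer;
public String padApos(String toPad)
{
    // Split on apostrophes and rejoin the pieces with a doubled apostrophe.
    // StringTokenizer skips empty tokens, so leading, trailing or adjacent
    // apostrophes in toPad are dropped rather than doubled.
    StringTokenizer tokenizer = new StringTokenizer(toPad, "'");
    String retVal = new String("");
    while (tokenizer.hasMoreTokens())
    {
        retVal += tokenizer.nextToken() + "''";
    }
    // Remove the extra "''" appended after the last token.
    retVal = retVal.substring(0, retVal.length() - 2);
    return retVal;
}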




RE: Handling apostrophes

2001-10-22 Thread Michael Weissenbacher

call the following method like this
String_Util.replace(value,"'","''");

  // Replaces every occurrence of toReplace in oldString with replaceWith.
  public static String replace(String oldString, String toReplace, String replaceWith)
  {
    // Nothing to do for null or empty arguments.
    if (toReplace == null || toReplace.equals("") || oldString == null ||
        oldString.equals("") || replaceWith == null)
      return oldString;
    StringBuffer sb = new StringBuffer();
    int oldIndex = 0;
    int newIndex = 0;
    while ((newIndex = oldString.indexOf(toReplace, oldIndex)) != -1)
    {
      sb.append(oldString.substring(oldIndex, newIndex));
      sb.append(replaceWith);
      oldIndex = newIndex = newIndex + toReplace.length();
    }
    sb.append(oldString.substring(oldIndex, oldString.length()));
    return sb.toString();
  }

michael




RE: Handling apostrophes

2001-10-22 Thread Chandramouli Nagarajan

That's a good idea.
Thanks for noting me. I would follow it.
Regards,
N.Chandramouli.




RE: Handling apostrophes

2001-10-22 Thread dave . prout

Thanks Michael

Dave 



-Original Message-
From: Michael Weissenbacher [mailto:[EMAIL PROTECTED]]
Sent: 22 October 2001 10:51
To: '[EMAIL PROTECTED]'
Subject: RE: Handling apostrophes


call the following method like this
String_Util.replace(value,"'","''");

  // Replaces every occurrence of toReplace in oldString with replaceWith.
  public static String replace(String oldString, String toReplace, String replaceWith)
  {
    // Nothing to do for null or empty arguments.
    if (toReplace == null || toReplace.equals("") || oldString == null ||
        oldString.equals("") || replaceWith == null)
      return oldString;
    StringBuffer sb = new StringBuffer();
    int oldIndex = 0;
    int newIndex = 0;
    while ((newIndex = oldString.indexOf(toReplace, oldIndex)) != -1)
    {
      sb.append(oldString.substring(oldIndex, newIndex));
      sb.append(replaceWith);
      oldIndex = newIndex = newIndex + toReplace.length();
    }
    sb.append(oldString.substring(oldIndex, oldString.length()));
    return sb.toString();
  }

michael



RE: Handling apostrophes

2001-10-22 Thread Tarek M. Nabil

I think this won't work if the last character in the toPad string is an
apostrophe.

-Original Message-
From: Chandramouli Nagarajan [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 22, 2001 11:26 AM
To: '[EMAIL PROTECTED]'
Subject: RE: Handling apostrophes


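Not really a big overhead,
this piece of code would do that...

// requires: import java.util.StringTokenizer;
public String padApos(String toPad)
{
    // Split on apostrophes and rejoin the pieces with a doubled apostrophe.
    // StringTokenizer skips empty tokens, so leading, trailing or adjacent
    // apostrophes in toPad are dropped rather than doubled.
    StringTokenizer tokenizer = new StringTokenizer(toPad, "'");
    String retVal = new String("");
    while (tokenizer.hasMoreTokens())
    {
        retVal += tokenizer.nextToken() + "''";
    }
    // Remove the extra "''" appended after the last token.
    retVal = retVal.substring(0, retVal.length() - 2);
    return retVal;
}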




Re: Handling apostrophes

2001-10-22 Thread Richard Troy


Yes, Dave,

Though this is off-topic, databases are my thing, so here's an answer:

Handling of quotation marks and apostrophes are definite problem areas
with any database access, depending on how you formulate your queries.
If you embed your values to insert or update in Strings that make up an
sql statement, you are bound to have trouble. You can instead use 'set' or
'update' methods which handle the data "under the sheets" and can avoid
this problem. In such access, you'd use the question mark ('?') inside
your sql syntax in a prepared statement, or you'd identify your attributes
in your preceding 'select' statement.

My company provides a Java-based API for our products and we need to pass
sql through the interface. Customers, of course, are wont to do everything
sloppily, so, we wrote a few methods you might also want to write. First,
recognize that some database engines use "single quotes"  - apostrophes -
while others use "double quotes" - the real quote character - while still
others will take either, and whichever one starts a quoted string will be
the one to end it. So, we wrote methods to help. One looks for proper
quoting in the string before considering it valid sql - the method returns
a boolean... Another method takes the sql and builds it correctly given a
variable someone wants to include in their sql, and so on.

In short, never take user input and blindly construct an SQL query string
with it. ...You _will_ get bitten on the arse.

...Oh, as an aside, I don't quite understand what the tokenizer Tarek
wrote about is supposed to do for you. Maybe he has something there, but
it wasn't clear to me how it would help you.

Regards,
RT

-- 
Richard Troy, Chief Scientist
Science Tools Corporation
[EMAIL PROTECTED], 510-567-9957, http://ScienceTools.com/

On Mon, 22 Oct 2001 [EMAIL PROTECTED] wrote:

> Date: Mon, 22 Oct 2001 09:55:17 +0100
> From: [EMAIL PROTECTED]
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Handling apostrophes
>
> Hi all,
>
>   I'm developing an application which uses java servlets and JSPs and
> a MySQL database running on Tomcat 4.0.
>
>   I take user input, store it on the db, then display it again. As
> soon as someone tried inputting an apostrophe, it all fell over. It seems
> that I have to encode and decode every single text field. Is this correct,
> or is there a better way?
>
> Thanks
>
> Dave
>
>
>
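
The prepared-statement form recommended in this thread, answering "what would the input statement look like?", as an added example that is not code from any of the posters. The class name `ApostropheDemo`, the `notes` table and the JDBC URL, user and password taken from the command line are assumptions for illustration; a MySQL JDBC driver is assumed to be on the classpath.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class ApostropheDemo {
    // Assumed table for this example (not from the thread):
    //   CREATE TABLE notes (id INT AUTO_INCREMENT PRIMARY KEY, body VARCHAR(255));

    /** Inserts userText through a bound parameter and reads the stored row back. */
    static String storeAndReload(Connection con, String userText) throws SQLException {
        long id;
        try (PreparedStatement ins = con.prepareStatement(
                "INSERT INTO notes (body) VALUES (?)", Statement.RETURN_GENERATED_KEYS)) {
            ins.setString(1, userText);      // sent as data; the driver does the quoting
            ins.executeUpdate();
            try (ResultSet keys = ins.getGeneratedKeys()) {
                if (!keys.next()) throw new SQLException("no generated key returned");
                id = keys.getLong(1);
            }
        }
        try (PreparedStatement sel = con.prepareStatement("SELECT body FROM notes WHERE id = ?")) {
            sel.setLong(1, id);
            try (ResultSet rs = sel.executeQuery()) {
                if (!rs.next()) throw new SQLException("row " + id + " not found");
                return rs.getString(1);
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        if (args.length < 3) {
            System.err.println("usage: ApostropheDemo <jdbc-url> <user> <password>");
            return;
        }
        // Constructed inputs: apostrophes at every position, plus a backslash,
        // which MySQL by default also treats as an escape character in literals.
        String[] samples = { "O'Brien", "'leading", "trailing'", "two''together", "C:\\temp" };
        try (Connection con = DriverManager.getConnection(args[0], args[1], args[2])) {
            for (String s : samples) {
                String back = storeAndReload(con, s);
                System.out.println((s.equals(back) ? "ok    " : "DIFF  ") + s + " -> " + back);
            }
        }
    }
}
```

No text field is encoded on the way in or decoded on the way out: the value read back is the value the user typed.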