I guess depending on the driver for the db, it would know what to do to
escape the quotes.
Hmm, shouldn't:
prepare.executeQuery(sql);
be this instead:
prepare.executeUpdate(sql);
?
Anyway Manuel, what error are you getting?
Manuel Lenz wrote:
How do
you should escape your sql data values for mischievous chars like single
quotes etc.
-Original Message-
From: Manuel Lenz [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 28, 2003 4:33 PM
To: Struts Users Mailing List
Subject: Antwort: [OT] Re: far reaching db question
How do
How can I do that?
Navjot Singh [EMAIL PROTECTED]
28.10.2003 12:32
Please reply to Struts Users Mailing List
To: Struts Users Mailing List
[EMAIL PROTECTED]
Cc:
Subject: RE: Antwort: [OT] Re: far reaching db question
you should escape your sql data
--- Manuel Lenz [EMAIL PROTECTED] wrote:
How do preparedStatements handle single quotes and other injection
attacks?
This is JDBC driver dependent. Each database might handle single quote
escaping differently; however, doubling them with another single quote
seems to be common.
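
Added example, not part of the thread: binding values that contain single quotes through a JDBC PreparedStatement, so the values are passed as parameters instead of being spliced into the SQL text. Assumptions: an in-memory H2 database (driver on the classpath), a hypothetical table `people`, and constructed sample values.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class QuoteHandlingDemo {
    public static void main(String[] args) throws SQLException {
        // Assumption: in-memory H2 database; any JDBC URL and driver works the same way.
        try (Connection con = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement st = con.createStatement()) {
                // Hypothetical table used only for this demonstration.
                st.executeUpdate("CREATE TABLE people (name VARCHAR(64))");
            }

            // Constructed sample values containing single quotes.
            String[] names = { "O'Brien", "' OR '1'='1" };

            // The SQL text is fixed; each value is bound to the ? placeholder.
            String insert = "INSERT INTO people (name) VALUES (?)";
            try (PreparedStatement ps = con.prepareStatement(insert)) {
                for (String name : names) {
                    ps.setString(1, name);
                    // No-argument form. The String-argument overloads are inherited
                    // from Statement and are not meant to be called on a PreparedStatement.
                    ps.executeUpdate();
                }
            }

            // Read back: each bound value matches only the row that holds exactly that string.
            String select = "SELECT COUNT(*) FROM people WHERE name = ?";
            try (PreparedStatement ps = con.prepareStatement(select)) {
                for (String name : names) {
                    ps.setString(1, name);
                    try (ResultSet rs = ps.executeQuery()) {
                        rs.next();
                        System.out.println("[" + name + "] matching rows: " + rs.getInt(1));
                    }
                }
            }
        }
    }
}
```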
I changed