> I create DB-Inserts from my struts application.
> But if a user types in the sign ' any dynamically created inserts fail.
> This is because of the sql-syntax which divides the string which will
> be saved with '.
>
> For example: insert into table test (name, number) values ('mr burns',
> '01723256477');
>
> How can I handle inserts in HTML forms which have the typed sign ' ?
>

Always use PreparedStatements. They handle the ' for you and prevent other SQL injection attacks.

David

> Greetings,
> Manuel