> I create DB inserts from my Struts application.
> But if a user types in the sign ', any dynamically created inserts fail.
> This is because of the SQL syntax, which divides the string which will
> be saved with '.
>
> For example: insert into table test (name, number) values ('mr burns',
> '01723256477');
>
> How can I handle inserts in HTML forms which have the typed sign ' ?
>
Always use PreparedStatements. They handle the ' for you and prevent
other SQL injection attacks.
David
> Greetings,
> Manuel
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>