It sounds like you don't need to use the escapeSQL tag for the following 2 reasons:
1. Check your database as I bet you are getting double quotes in the records
2. The escapeSQL tag is probably only needed for standard (non-prepared) statements

The standard statement would read something like

    Update Customer Set Name = 'Miller' Where ID = 1

but the escaping is needed for names like O'Connor as

    Update Customer Set Name = 'O'Connor' Where ID = 1

would not work, thus escaping is needed to produce

    Update Customer Set Name = 'O''Connor' Where ID = 1

which will result in O'Connor in the database.

When you are using preparedStatement.setString() you do not encounter this problem as the SQL engine does not have to parse a statement to find a value; you have told the engine exactly what the value is.

-Stevers

-----Original Message-----
From: philtre [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 20, 2001 1:09 PM
To: [EMAIL PROTECTED]
Subject: escapeSQL problem

Hi,

I've been using DBtags for a few months and it wasn't until today that I noticed this error (if it is indeed an error).

If I'm not mistaken, the escapeSQL tag and the PreparedStatement tag escape a single quote by adding an additional single quote in front of it. The problem is that, when I retrieve the database entry, all the single quotes are doubled, and if I update the entry and then retrieve it again, the single quotes are quadrupled. This is probably due to the fact that there is no "unescaping" when retrieving database entries.

Is this something you've overlooked, or am I supposed to manually parse the retrieved string to remove redundant single quotes?

Could you please provide me with an answer to this by email, since I don't check the Jakarta pages regularly.

Looking forward to your answer,
philtre
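
The doubling and quadrupling described in this thread, reproduced as an added example that is not part of either message. It uses Python's built-in sqlite3 module, with `?` placeholders standing in for JDBC's preparedStatement.setString(); escape_sql is a hypothetical stand-in for the escapeSQL tag, and the table contents are constructed.

```python
import sqlite3

def escape_sql(value):
    """Hypothetical stand-in for the escapeSQL tag: double each single quote."""
    return value.replace("'", "''")

def open_db():
    """Constructed in-memory table matching the statements in the thread."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Customer (ID INTEGER PRIMARY KEY, Name TEXT)")
    db.execute("INSERT INTO Customer (ID, Name) VALUES (1, 'Miller')")
    return db

def read_name(db):
    return db.execute("SELECT Name FROM Customer WHERE ID = 1").fetchone()[0]

def update_literal(db, name, escape):
    """Standard statement: the value is spliced into the SQL text and parsed."""
    value = escape_sql(name) if escape else name
    db.execute("UPDATE Customer SET Name = '" + value + "' WHERE ID = 1")
    return read_name(db)

def update_bound(db, name, escape):
    """Prepared statement: the value is bound, never parsed as SQL."""
    value = escape_sql(name) if escape else name
    db.execute("UPDATE Customer SET Name = ? WHERE ID = 1", (value,))
    return read_name(db)

def literal_unescaped_fails(db, name):
    """The unescaped literal form is rejected by the SQL parser."""
    try:
        update_literal(db, name, escape=False)
    except sqlite3.OperationalError:
        return True
    return False

def edit_round_trips(db, name, rounds):
    """Read, escape, bind, store again: quotes double on every pass."""
    history, current = [], name
    for _ in range(rounds):
        current = update_bound(db, current, escape=True)
        history.append(current)
    return history

if __name__ == "__main__":
    db = open_db()
    print("literal, unescaped fails:", literal_unescaped_fails(db, "O'Connor"))
    print("literal, escaped:        ", update_literal(db, "O'Connor", True))
    print("bound, not escaped:      ", update_bound(db, "O'Connor", False))
    print("bound, escaped twice:    ", edit_round_trips(db, "O'Connor", 2))
```

Escaping is correct only on the literal path; on the bound path the doubled quotes are stored as data, so rows already written that way need a one-time cleanup once the escaping is removed.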