On Thu, 16 May 2002, DAVE ANAND wrote:
> How do you handle single quotes in the sql stmt inside
> an sql tag?
It's best to use PreparedStatement behind the scenes. For instance, you
can use JSTL's <sql:param> tag inside a <sql:query> tag:

    <sql:query>
      select * from users where last_name=?
      <sql:param value="Rick O'Shea" />
    </sql:query>

Of course, 'value' can point to an expression, whose value might contain
single quotes, too.
--
Shawn Bayern
"JSP Standard Tag Library" http://www.jstlbook.com
(coming this summer from Manning Publications)
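
The JDBC equivalent of the <sql:param> binding described in the reply, as an added example that is not part of the original post or of the JSTL code base. The class name, the users table layout and the JDBC URL passed as args[0] are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;

public class QuoteSafeQuery {

    // Bound parameter: the value is handed to the driver separately from the
    // SQL text, so the driver, not the caller, is responsible for any quoting.
    static List<String> findByLastName(Connection conn, String lastName)
            throws SQLException {
        String sql = "select last_name from users where last_name = ?";
        List<String> found = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, lastName);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    found.add(rs.getString("last_name"));
                }
            }
        }
        return found;
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: args[0] is a JDBC URL for a scratch database whose
        // driver is on the classpath (for instance an in-memory database).
        try (Connection conn = DriverManager.getConnection(args[0])) {
            try (Statement ddl = conn.createStatement()) {
                ddl.executeUpdate("create table users (last_name varchar(64))");
            }
            // Constructed sample rows, inserted through bound parameters too.
            try (PreparedStatement ins =
                     conn.prepareStatement("insert into users (last_name) values (?)")) {
                for (String name : new String[] {"Rick O'Shea", "Smith"}) {
                    ins.setString(1, name);
                    ins.executeUpdate();
                }
            }
            System.out.println(findByLastName(conn, "Rick O'Shea"));
        }
    }
}
```

Splicing the same value into the statement text instead would produce last_name='Rick O'Shea', which ends the string literal at the apostrophe and fails to parse.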