Posted to users@wicket.apache.org by Doug Leeper <do...@yahoo.com> on 2007/12/31 23:05:44 UTC
TextArea/TinyMceBehavior/quotes and sql...oh my
Not sure where my error falls into...wicket, tinymcebehavior, hibernate, or
mysql. My error (invalid syntax in my sql) is showing up when inserting.
I am using a textarea with TinyMceBehavior(false). The content has single
quotes, e.g. don't, you're. How do I escape these so they will be able to
be inserted properly? Is there some behavior in the textarea or
tinymcebehavior to handle this? Or is this a hibernate/sql issue?
Thanks
- Doug
--
View this message in context: http://www.nabble.com/TextArea-TinyMceBehavior-quotes-and-sql...oh-my-tp14562465p14562465.html
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: TextArea/TinyMceBehavior/quotes and sql...oh my
Posted by Martijn Dashorst <ma...@gmail.com>.
This is an issue with not properly creating your insert sql, I guess. Don't
*ever* create your sql statements without using bind parameters: it will
open your application to SQL injection attacks, also known as exploits of a
mom [1]. If you use bind parameters there will not be an issue with
escaping.
If you are using bind parameters, or are not sure, it might be a problem
with hibernate's mysql dialect.
Martijn
[1] http://xkcd.com/327/
On Dec 31, 2007 11:05 PM, Doug Leeper <do...@yahoo.com> wrote:
>
> Not sure where my error falls into...wicket, tinymcebehavior, hibernate, or
> mysql. My error (invalid syntax in my sql) is showing up when inserting.
>
> I am using a textarea with TinyMceBehavior(false). The content has single
> quotes, e.g. don't, you're. How do I escape these so they will be able to
> be inserted properly? Is there some behavior in the textarea or
> tinymcebehavior to handle this? Or is this a hibernate/sql issue?
>
> Thanks
> - Doug
--
Buy Wicket in Action: http://manning.com/dashorst
Apache Wicket 1.3.0-rc2 is released
Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.0-rc1/
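
Added example, not part of the thread and not code from either poster: the same insert built by string concatenation and with a bind parameter, run against editor text containing apostrophes. It assumes Python's sqlite3 with an in-memory database as a stand-in for the Hibernate/MySQL setup; the table, function names and sample values are constructed for illustration.

```python
import sqlite3

# Constructed sample inputs: ordinary editor text with apostrophes, and a
# value whose quote ends the string literal early.
EDITOR_TEXT = "<p>Don't worry, you're fine.</p>"
CRAFTED_TEXT = "nice', 1) --"


def new_db():
    """In-memory SQLite database standing in for the MySQL table (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comment (body TEXT, approved INTEGER)")
    return conn


def insert_concatenated(conn, body):
    """The 'before': user text is pasted into the SQL string itself."""
    sql = "INSERT INTO comment (body, approved) VALUES ('" + body + "', 0)"
    conn.execute(sql)


def insert_bound(conn, body):
    """The fix: the SQL text is constant and the value travels as a bind parameter."""
    conn.execute("INSERT INTO comment (body, approved) VALUES (?, 0)", (body,))


def stored_rows(insert, body):
    """Run one insert on a fresh database; return the rows or the SQL error."""
    conn = new_db()
    try:
        insert(conn, body)
    except sqlite3.OperationalError as exc:
        return "error: " + str(exc)
    return conn.execute("SELECT body, approved FROM comment").fetchall()


if __name__ == "__main__":
    for label, fn in (("concatenated", insert_concatenated), ("bound", insert_bound)):
        for text in (EDITOR_TEXT, CRAFTED_TEXT):
            print(label, repr(text), "->", stored_rows(fn, text))
```

With concatenation the apostrophes produce a syntax error and the second value changes the `approved` column; with the bind parameter both values are stored verbatim and no escaping is needed.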