Posted to taglibs-user@tomcat.apache.org by DAVE ANAND <da...@longaberger.com> on 2002/05/16 19:43:21 UTC

single Quotes in SQL


How do you handle single quotes in the sql stmt inside
 an sql tag?





--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>


RE: single Quotes in SQL

Posted by James Mitchell <jm...@telocity.com>.
Not sure if you got the answer to this.

Single quotes should be changed to double single quotes (not " but '').




JM 

> -----Original Message-----
> From: Shawn Bayern [mailto:bayern@essentially.net]
> Sent: Thursday, May 16, 2002 5:19 PM
> To: Tag Libraries Users List
> Subject: Re: single Quotes in SQL
> 
> 
> On Thu, 16 May 2002, DAVE ANAND wrote:
> 
> > How do you handle single quotes in the sql stmt inside
> >  an sql tag?
> 
> It's best to use PreparedStatement behind the scenes.  For instance, you
> can use JSTL's <sql:param> tag inside a <sql:query> tag:
> 
>   <sql:query>
>     select * from users where last_name=?
>     <sql:param value="Rick O'Shea" />
>   </sql:query>
> 
> Of course, 'value' can point to an expression, whose value might contain
> single quotes, too.
> 
> -- 
> Shawn Bayern
> "JSP Standard Tag Library"   http://www.jstlbook.com
> (coming this summer from Manning Publications)
> 
> 



Re: single Quotes in SQL

Posted by Shawn Bayern <ba...@essentially.net>.
On Thu, 16 May 2002, DAVE ANAND wrote:

> How do you handle single quotes in the sql stmt inside
>  an sql tag?

It's best to use PreparedStatement behind the scenes.  For instance, you
can use JSTL's <sql:param> tag inside a <sql:query> tag:

  <sql:query>
    select * from users where last_name=?
    <sql:param value="Rick O'Shea" />
  </sql:query>

Of course, 'value' can point to an expression, whose value might contain
single quotes, too.

-- 
Shawn Bayern
"JSP Standard Tag Library"   http://www.jstlbook.com
(coming this summer from Manning Publications)
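
Added example, not part of the original thread: the two approaches from the replies (doubling the quote by hand, and a bound parameter as with PreparedStatement / <sql:param>) compared against plain string concatenation. It uses Python's built-in sqlite3 in place of JSTL and JDBC so it runs without a driver; the first_name column, the sample rows and all function names are constructed for illustration.

```python
import sqlite3

# Constructed sample rows; table and column names follow the query in the post,
# first_name is an assumed extra column.
SAMPLE_USERS = [("Rick", "O'Shea"), ("Ann", "D'Arcy"), ("Bob", "Smith")]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("create table users (first_name text, last_name text)")
    conn.executemany("insert into users values (?, ?)", SAMPLE_USERS)
    return conn

def find_concatenated(conn, last_name):
    # Value pasted into the statement text: a quote inside it closes the literal early.
    sql = "select first_name from users where last_name='" + last_name + "'"
    return [row[0] for row in conn.execute(sql)]

def find_quote_doubled(conn, last_name):
    # Manual escaping: each ' becomes ''. Must be applied at every call site.
    escaped = last_name.replace("'", "''")
    sql = "select first_name from users where last_name='" + escaped + "'"
    return [row[0] for row in conn.execute(sql)]

def find_bound(conn, last_name):
    # Bound parameter: the statement text never changes, the value is sent separately.
    sql = "select first_name from users where last_name=?"
    return [row[0] for row in conn.execute(sql, (last_name,))]

def compare(last_name):
    """Run all three variants and report rows found or the parser error."""
    conn = make_db()
    variants = {"concatenated": find_concatenated,
                "quote_doubled": find_quote_doubled,
                "bound": find_bound}
    results = {}
    for label, finder in variants.items():
        try:
            results[label] = finder(conn, last_name)
        except sqlite3.OperationalError as exc:
            results[label] = "error: " + str(exc)
    conn.close()
    return results

if __name__ == "__main__":
    for name in ("Smith", "O'Shea"):
        print(name, compare(name))
```

Quote doubling returns the right row here, but it has to be repeated wherever a statement is built and follows the escaping rules of one database. The bound form keeps the statement text constant whatever the value contains.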

