Posted to user@turbine.apache.org by Hristo Kosev <hk...@hotmail.com> on 2001/04/07 10:02:38 UTC

BasePeer and special characters escaping

Hi!
Does anybody know some convenient way to escape special characters as:
' " / and so on...
I need that as I use BasePeer.executeQuery(String) and I construct the query 
directly using data.getParameters().
For example:
String username = data.getParameters().getString("username", "");
BasePeer.executeQuery("select * from TURBINE_USER where LOGIN_NAME='" + 
username + "'");

It's clear what should happen if I input ab'c for username. Is there any way 
to use PreparedStatements with BasePeer or even some method in 
ParameterParser for escaping these special characters?

Thanks in advance for any help I get!
Hristo
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: turbine-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: turbine-user-help@jakarta.apache.org


Re: BasePeer and special characters escaping

Posted by Daniel Rall <dl...@collab.net>.
"Hristo Kosev" <hk...@hotmail.com> writes:

> Hi!
> Does anybody know some convenient way to escape special characters as:
> ' " / and so on...
> I need that as I use BasePeer.executeQuery(String) and I construct the
> query directly using data.getParameters().
> 
> For example:
> String username = data.getParameters().getString("username", "");
> BasePeer.executeQuery("select * from TURBINE_USER where LOGIN_NAME='"
> + username + "'");
> 
> 
> It's clear what should happen if I input ab'c for username. Is there
> any way to use PreparedStatements with BasePeer or even some method in
> ParameterParser for escaping these special characters?

There is quoteAndEscapeText(String rawText) in the util.db package,
but it's package private.  I just made it public because I think that
it is useful to consumers of Turbine, even if they should just be
using the Peer system in the first place.  ;)

Daniel






Re: BasePeer and special characters escaping

Posted by Daniel Rall <dl...@collab.net>.
Leon Messerschmidt <le...@opticode.co.za> writes:

> Hi,
> 
> If you're using generated Peers you should be able to supply it with a
> ResultSet which you can get from your own custom PreparedStatement.
> 
> BasePeer does not do a PreparedStatement on selects, only on Inserts and
> Updates.  It tries to escape characters but it is not always successful.

If you guys can provide some concrete examples of unsuccessful escape
attempts and relevant database information, I'd be happy to fix.

Daniel



Re: BasePeer and special characters escaping

Posted by Leon Messerschmidt <le...@opticode.co.za>.
Hi,

If you're using generated Peers you should be able to supply it with a
ResultSet which you can get from your own custom PreparedStatement.

BasePeer does not do a PreparedStatement on selects, only on Inserts and
Updates.  It tries to escape characters but it is not always successful.

~ Leon

----- Original Message -----
From: "Hristo Kosev" <hk...@hotmail.com>
To: <tu...@jakarta.apache.org>
Sent: Saturday, April 07, 2001 10:02 AM
Subject: BasePeer and special characters escaping


> Hi!
> Does anybody know some convenient way to escape special characters as:
> ' " / and so on...
> I need that as I use BasePeer.executeQuery(String) and I construct the query
> directly using data.getParameters().
> For example:
> String username = data.getParameters().getString("username", "");
> BasePeer.executeQuery("select * from TURBINE_USER where LOGIN_NAME='" +
> username + "'");
>
> It's clear what should happen if I input ab'c for username. Is there any way
> to use PreparedStatements with BasePeer or even some method in
> ParameterParser for escaping these special characters?
>
> Thanks in advance for any help I get!
> Hristo
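
Added example, not part of the original thread and not Turbine code: the lookup from the question written as a plain JDBC PreparedStatement, the approach the last reply points to, with the concatenated form run beside it for contrast. The class and method names, the H2 in-memory database and the one-column TURBINE_USER table are assumptions made so the example runs on its own.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;

public class LoginNameLookup {
    // The value is bound to the ? placeholder and sent as data, never as SQL text.
    static List<String> findByLoginName(Connection con, String username) throws SQLException {
        String sql = "select LOGIN_NAME from TURBINE_USER where LOGIN_NAME = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                List<String> found = new ArrayList<>();
                while (rs.next()) {
                    found.add(rs.getString("LOGIN_NAME"));
                }
                return found;
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: the H2 driver is on the classpath (in-memory database).
        try (Connection con = DriverManager.getConnection("jdbc:h2:mem:demo")) {
            try (Statement st = con.createStatement()) {
                // Constructed one-column stand-in, not Turbine's real schema.
                st.execute("create table TURBINE_USER (LOGIN_NAME varchar(64))");
            }
            try (PreparedStatement ins = con.prepareStatement("insert into TURBINE_USER (LOGIN_NAME) values (?)")) {
                for (String name : new String[] {"hristo", "ab'c"}) {
                    ins.setString(1, name);
                    ins.executeUpdate();
                }
            }
            String username = "ab'c"; // the input from the original question
            System.out.println("bound parameter: " + findByLoginName(con, username));
            try (Statement st = con.createStatement()) {
                // The concatenated form from the question: the quote ends the literal early.
                st.executeQuery("select * from TURBINE_USER where LOGIN_NAME='" + username + "'");
            } catch (SQLException e) {
                System.out.println("concatenated query rejected: " + e.getMessage());
            }
        }
    }
}
```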