Posted to users@cocoon.apache.org by Mustafa Yalniz <ya...@bumed.org.tr> on 2003/07/23 19:27:58 UTC

escaping characters

Hi,

I am trying to escape characters before saving them into the database. When 
the user enters something with an apostrophe, it does not save it into the 
database since the first apostrophe is interpreted as the end of the entry. It is 
interpreted as a syntax error.  Does anybody have any experience with this, 
such as how to escape these special characters in Cocoon before saving them 
into the database?

Thanks,
Mustafa


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org


Re: escaping characters

Posted by Geoff Howard <co...@leverageweb.com>.
Mustafa Yalniz wrote:
> Hi,
> 
> I am trying to escape characters before saving them into the database. 
> When the user enters something with an apostrophe, it does not save it 
> into the database since the first apostrophe is interpreted as the end of 
> the entry. It is interpreted as a syntax error.  Does anybody have any 
> experience with this, such as how to escape these special characters in 
> Cocoon before saving them into the database?
> 
> Thanks,
> Mustafa

You haven't given any information about how you are interacting with 
your database.  There are many ways in Cocoon.

However, I can tell you that this shows that either you or the method 
you are using is not using Java's PreparedStatement, which most people 
would highly recommend.  The problem you have just discovered can be 
exploited by hackers (AKA SQL Injection) and is a problem with any code 
that dynamically creates SQL statements from user input.

If you choose for whatever reason to ignore PreparedStatements (or 
CallableStatement) you must handle the escaping yourself.

Geoff
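
The difference described in the reply above, as an added example that is not part of the original thread: the same apostrophe-bearing value inserted once by string concatenation and once through a PreparedStatement parameter. The table name, class name and the embedded H2 JDBC URL are assumptions made for illustration; any JDBC driver on the classpath will do.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class ApostropheDemo {
    // Assumption: an embedded H2 driver is on the classpath; substitute your own JDBC URL.
    static final String URL = "jdbc:h2:mem:demo";

    // Builds the SQL text from user input: an apostrophe in the value ends the
    // string literal early, so the database sees malformed (or altered) SQL.
    static boolean insertConcatenated(Connection c, String name) {
        String sql = "INSERT INTO entries(name) VALUES ('" + name + "')";
        try (Statement st = c.createStatement()) {
            st.executeUpdate(sql);
            return true;
        } catch (SQLException e) {
            System.out.println("concatenated insert failed: " + e.getMessage());
            return false;
        }
    }

    // Sends the value as a bound parameter: it travels separately from the SQL
    // text and is never parsed as SQL, so no manual escaping is needed.
    static void insertPrepared(Connection c, String name) throws SQLException {
        String sql = "INSERT INTO entries(name) VALUES (?)";
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, name);
            ps.executeUpdate();
        }
    }

    public static void main(String[] args) throws SQLException {
        String input = "O'Brien"; // constructed sample input containing an apostrophe
        try (Connection c = DriverManager.getConnection(URL)) {
            try (Statement st = c.createStatement()) {
                st.executeUpdate("CREATE TABLE entries(name VARCHAR(100))"); // hypothetical table
            }
            insertConcatenated(c, input); // rejected by the database as a syntax error
            insertPrepared(c, input);     // stored exactly as entered
            try (Statement st = c.createStatement();
                 ResultSet rs = st.executeQuery("SELECT name FROM entries")) {
                while (rs.next()) System.out.println("stored: " + rs.getString(1));
            }
        }
    }
}
```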

