Posted to users@cocoon.apache.org by Mustafa Yalniz <ya...@bumed.org.tr> on 2003/07/23 19:27:58 UTC
escaping characters
Hi,
I am trying to escape characters before saving them into the database. When
the user enters something with an apostrophe then it does not save it into the
database since the first apostrophe is interpreted as end of entry. It is
interpreted as a syntax error. Does anybody have any experience with this,
such as how to escape these special characters in cocoon before saving them
into the database?
Thanks,
Mustafa
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org
Re: escaping characters
Posted by Geoff Howard <co...@leverageweb.com>.
Mustafa Yalniz wrote:
> Hi,
>
> I am trying to escape characters before saving them into the database.
> When the user enters something with an apostrophe then it does not save it
> into the database since the first apostrophe is interpreted as end of
> entry. It is interpreted as a syntax error. Does anybody have any
> experience with this, such as how to escape these special characters in
> cocoon before saving them into the database?
>
> Thanks,
> Mustafa
You haven't given any information about how you are interacting with
your database. There are many ways in Cocoon.
However, I can tell you that this shows that either you or the method
you are using is not using Java's PreparedStatement, which most people
would highly recommend. The problem you have just discovered can be
exploited by hackers (AKA SQL Injection) and is a problem with any code
that dynamically creates SQL statements from user input.
If you choose for whatever reason to ignore PreparedStatements (or
CallableStatement) you must handle the escaping yourself.
Geoff
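The difference the reply describes, as an added example that is not part of the original thread or of Cocoon's code: the same apostrophe-bearing value is inserted once by string concatenation and once through a PreparedStatement. The class name, the `people` table and the default H2 in-memory JDBC URL are assumptions; any JDBC URL can be passed as the first argument.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class ApostropheDemo {
    // Constructed sample input: a value containing an apostrophe.
    static final String INPUT = "O'Brien";

    // Concatenation: the apostrophe in the value closes the SQL string literal early,
    // so the rest of the value is parsed as SQL text.
    static void insertConcatenated(Connection c, String name) throws SQLException {
        try (Statement st = c.createStatement()) {
            st.executeUpdate("INSERT INTO people (name) VALUES ('" + name + "')");
        }
    }

    // Bound parameter: the value travels separately from the SQL text,
    // so no manual escaping is needed.
    static void insertPrepared(Connection c, String name) throws SQLException {
        try (PreparedStatement ps = c.prepareStatement("INSERT INTO people (name) VALUES (?)")) {
            ps.setString(1, name);
            ps.executeUpdate();
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: an H2 driver jar is on the classpath when no URL is given.
        String url = args.length > 0 ? args[0] : "jdbc:h2:mem:demo";
        try (Connection c = DriverManager.getConnection(url)) {
            try (Statement st = c.createStatement()) {
                st.executeUpdate("CREATE TABLE people (name VARCHAR(100))");
            }
            try {
                insertConcatenated(c, INPUT); // expected to be rejected as malformed SQL
            } catch (SQLException e) {
                System.out.println("concatenated insert failed: " + e.getMessage());
            }
            insertPrepared(c, INPUT);
            try (PreparedStatement ps = c.prepareStatement("SELECT name FROM people WHERE name = ?")) {
                ps.setString(1, INPUT);
                try (ResultSet rs = ps.executeQuery()) {
                    while (rs.next()) System.out.println("stored: " + rs.getString(1));
                }
            }
        }
    }
}
```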