URGENT....PLEASE HELP!!!!
In one of my JSP's, I have the user enter a string that will be added to the table in my database. My problem is that if the user puts quotes as in "" around the string they enter, my bean method only gets a null instead of what was typed within the quotes.
For example, if the user enters this in the text box:
"Hello"
I will only get a totally empty string.
I know why this is happening but can not seem to figure out a way of getting around this problem.
PLEASE HELP!!! This is quite urgent!!!!
Thank you very much in advance!
[580 byte] By [
CHEERS] at [2007-9-26 3:25:33]
I guess the problem is the double quotes or single quotes are treaded as speical character in the database. So you have to find a way to escape the special character.
The easiest way to get around the special character is useing preparestatement, another tedious ways is scanning each single charater when you get the field from query string and add a \ before " or '.
hope this will help
[code]
String answer = request.getParameter("answer");
String sql = insert into t_answer(answer) values(?) where user_id=(String)session.getAttribute("userid");
PreparedStatement statPres = con.prepareStatement(sql);
statPres.setString(1);
statPres.executeUpdate();
[code]
