Home.... | log in.... | Pub my question! | Sign-up....

Java-index >> Java Essentials >> Java Programming

formating a password with special charactres (#$%&) for oracle

I am using executeQuery statement to alter a user password that has special charactres in it, but having a difficult time with the format, could someone show me how to do that?Thankscheers

[209 byte] By [tfbsrba] at [2007-11-27 1:56:12]

«« file types in jFileChooser
»» Using variable value inplace of table name

# 1

Use escape character, for oracle it should be "\".

http://orafaq.com/faq/how_does_one_escape_special_characters_when_writing_sql_queries

http://orafaq.com/faqsql.htm

If you write it in Java, you need an extra escape character.

e.g.

String query = "select * from my_table where id = '\\%'";

rym82a at 2007-7-12 1:30:14 >

top of Java-index,Java Essentials,Java Programming...

# 2

Thanks but I should have said a string with special characters in it

exaample:

String pass = "test@2pm";

String user = "me";

sql = "Alter user " +user+ " identified by " + pass;

my prblem is escaping the complete string, have tried various, but no success. How to I escape the string password.

Thanks

tfbsrba at 2007-7-12 1:30:14 >

# 3

Still unclear.

abillconsla at 2007-7-12 1:30:14 >

# 4

You shouldn't be mucking about with escapes - Oracle has already written all of the code, as have most of the thin driver providers.String update = "Alter user ? identified by ?";

PreparedStatement pstmt = connection.prepareStatement(update);

pstmt.setString(1, userName);

pstmt.setString(2, password);

pstmt.executeUpdate();

...

Using PreparedStatements is always your best bet for avoiding bad escapes and SQL injection problems.

cafala at 2007-7-12 1:30:14 >

# 5

> You shouldn't be mucking about with escapes - Oracle

> has already written all of the code, as have most of

> the thin driver providers.String update =

> "Alter user ? identified by ?";

> PreparedStatement pstmt =

> connection.prepareStatement(update);

> pstmt.setString(1, userName);

> pstmt.setString(2, password);

> pstmt.executeUpdate();

> ...

Using PreparedStatements is always your

> best bet for avoiding bad escapes and SQL injection

> problems.

Is that what the OP meant? Good for you.

abillconsla at 2007-7-12 1:30:14 >

# 6

Thnak you very much ...works and than for the info on PreparedStatements cheers

tfbsrba at 2007-7-12 1:30:14 >

Java programming resources: FAQs, tutorials, compiler and browser download sites, documentation, books lists, IDEs, etc.

formating a password with special charactres (#$%&) for oracle

Java Essentials New Topic

Java Essentials Hot Topic

Java Essentials

All Classified