I have problem when insert string that hv single quote.
Can anyone help me on this...
query ="INSERT INTO lexicon VALUES ( " + id +", '" + lex +"')";
s.executeUpdate(query);
where lex is ambassador's.
Below is the error:
java.sql.SQLException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 's')' at line 1
Based on your coding I assume that lex is a string variable holding the value ambassador's. So that your query variable would be like this
INSERT INTO lexicon VALUES ( 123 , 'ambassador's' )
did you notice that your second value does not closed properly. to resolve this try to suppress the codes which is inside your lex value. Lets assign
lex = "ambassador''s"; //two single quotes between r and s
use prepared statements or make string.replaceAll("'", ""); and when you're getting it out from the database, do the opposite.
Manuel Leiria
That's a school example of an SQL injection.
And that's why they invented the PreparedStatement.
Prepare here: http://java.sun.com/docs/books/tutorial/jdbc/basics/prepared.html
