String adapter

Hi,

I have an arbitrary string, say fooString, digited by the user (so ti can contain ", /, \ and everything else comes in his mind..), and i must insert it in a mysql query. The problem arose with the characters " and \...

I tried to use the methods fooString.replaceAll("\\","\\\\") and fooString.replaceAll("\"","\\\""); but it does nothing... no changes in fooString!

Can anyone help me?

Moreover, Does anyone know a method to "adapt" a string autmatically?

Thanks a lot.

[514 byte] By [Catragaa] at [2007-10-3 3:02:15]

«« The question no one can answer
»» Bubble Sort Question.

# 1

You're also going to want to get rid of all ' (single quotes) you don't want none of that them there SQL Injection.

Norweeda at 2007-7-14 20:52:00 >

top of Java-index,Java Essentials,Java Programming...

# 2

replace() and replaceAll() work, but they don't modify the original String (as Strings are immutable), they return a new String with the modified contents. So instead of fooString.replace...(); do fooString = fooString.replace...();

Herko_ter_Horsta at 2007-7-14 20:52:00 >

# 3

Use PreparedStatement. That's always safer for dealing with arbitary strings.

malcolmmca at 2007-7-14 20:52:00 >

# 4

Also, for replacing '\', you need four \ in the regex string:fooString.replaceAll("\\\\", "whatever to replace it with")

MLRona at 2007-7-14 20:52:00 >

Java programming resources: FAQs, tutorials, compiler and browser download sites, documentation, books lists, IDEs, etc.

String adapter

Java Essentials New Topic

Java Essentials Hot Topic

Java Essentials

All Classified