users@glassfish.java.net

Re: Using JSP, want a text editor for text area

From: <glassfish_at_javadesktop.org>
Date: Wed, 23 Jan 2008 15:09:36 PST

> I am trying to make a text area, where:
>
> - user can use ' like don't, aren't, but it will
> create a problem while inserting in the database, so please
> help with this

If you use the Java Persistence API it will take care of these kinds of problems for you. See http://java.sun.com/javaee/overview/faq/persistence.jsp

However, if you must deal directly with a database, just use "prepared statements" to handle escaping special characters in your data. For example:

            Connection connection = ...; // code to set up connection to dbase here...
            String user_input = "don't can't won't ain't so there, goddamit!";
            PreparedStatement pstmt = connection.prepareStatement (
                    "SELECT * FROM MY_TABLE WHERE USER_DATA = ?"
                    );
            pstmt.setString (1, user_input);
            ResultSet rs = pstmt.executeQuery ();
            // etc... (iterate over rs, then close rs and pstmt)

Or something like:

            PreparedStatement pstmt2 = connection.prepareStatement (
                    "INSERT into BAD_WORDS_TABLE values (?,?)"
                    );
            pstmt2.setString (1, "ain't");
            pstmt2.setString (2, "Yo momma!");
            pstmt2.execute ();

I think this will handle the special characters.
[Message sent by forum member 'duncant' (duncant)]

http://forums.java.net/jive/thread.jspa?messageID=255478
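
The following is an added example, not part of the original message: it puts the failing string-concatenated INSERT next to the bound-parameter form the reply recommends. It uses Python's built-in sqlite3 module so it runs without a database server (its `?` placeholder plays the same role as in JDBC); the COMMENTS table, the function names and the sample text are assumptions made up for the illustration.

```python
import sqlite3

# Constructed sample input: text a user might type into the text area.
SAMPLE_INPUT = "don't, aren't, won't"


def open_db():
    """In-memory database with a hypothetical COMMENTS table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE COMMENTS (ID INTEGER PRIMARY KEY, BODY TEXT)")
    return conn


def insert_concatenated(conn, text):
    """The failing pattern: user text is pasted into the SQL string.

    The apostrophe in the text ends the SQL string literal early, so the
    statement no longer parses. Returns the error message, or None.
    """
    sql = "INSERT INTO COMMENTS (BODY) VALUES ('" + text + "')"
    try:
        conn.execute(sql)
    except sqlite3.Error as exc:
        return str(exc)
    return None


def insert_parameterized(conn, text):
    """The fix: the SQL text is constant and the value is bound to '?'."""
    cur = conn.execute("INSERT INTO COMMENTS (BODY) VALUES (?)", (text,))
    return cur.lastrowid


def fetch_body(conn, row_id):
    """Read the stored text back, again with a bound parameter."""
    row = conn.execute(
        "SELECT BODY FROM COMMENTS WHERE ID = ?", (row_id,)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    conn = open_db()
    print("concatenated :", insert_concatenated(conn, SAMPLE_INPUT))
    row_id = insert_parameterized(conn, SAMPLE_INPUT)
    print("parameterized:", repr(fetch_body(conn, row_id)))
```

The bound value is never parsed as SQL, so the text comes back from the database byte for byte as the user typed it, with no manual escaping.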