tomcat-taglibs-user mailing list archives

From Steve Johnson-Evers <>
Subject RE: escapeSQL problem
Date Wed, 21 Nov 2001 16:35:52 GMT
It sounds like you don't need to use the escapeSQL tag for the following 2

1. Check your database as I bet you are getting double quotes in the records

2. The escapeSQL tag is probably only needed for standard (non-prepared)

The standard statement would read something like

	Update Customer Set Name = 'Miller' Where ID = 1

but the escaping is needed for names like O'Connor as

	Update Customer Set Name = 'O'Connor' Where ID = 1

would not work, thus escaping is needed to produce

	Update Customer Set Name = 'O''Connor' Where ID = 1

which will result in O'Connor in the database. When you are using
preparedStatement.setString() you do not encounter this problem as the SQL
engine does not have to parse a statement to find a value; you have told the
engine exactly what the value is.


-----Original Message-----
From: philtre []
Sent: Tuesday, November 20, 2001 1:09 PM
Subject: escapeSQL problem

I've been using DBtags for a few months and it wasn't until today that I
noticed this error (if it is indeed an error).
If I'm not mistaken, the escapeSQL tag and the PreparedStatement tag escape
a single quote by adding an additional single quote in front of it. The
problem is that, when I retrieve the database entry, all the single quotes
are doubled, and if I update the entry and then retrieve it again, the
single quotes are quadrupled. This is probably due to the fact that there is
no "unescaping" when retrieving database entries.
Is this something you've overlooked, or am I supposed to manually parse the
retrieved string to remove redundant single quotes?

Could you please provide me with an answer to this by email, since I don't
check the Jakarta pages regularly.

Looking forward to your answer, 
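
The behaviour discussed in this thread, reproduced as an added example (not part of either message and not DBTags code). Python's sqlite3 module stands in for the JSP tags and JDBC, and escape_sql is a hypothetical stand-in for the escapeSQL tag as the thread describes it.

```python
import sqlite3

def escape_sql(value):
    # Hypothetical stand-in for escapeSQL: double every single quote.
    return value.replace("'", "''")

def new_db():
    # Constructed sample table matching the statements quoted in the reply.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Customer (ID INTEGER PRIMARY KEY, Name TEXT)")
    db.execute("INSERT INTO Customer (ID, Name) VALUES (1, 'Miller')")
    return db

def stored_name(db):
    return db.execute("SELECT Name FROM Customer WHERE ID = 1").fetchone()[0]

def update_literal(db, name, escape=True):
    # Standard (non-prepared) statement: the value becomes part of the SQL text,
    # so the engine has to parse the statement to find where the value ends.
    value = escape_sql(name) if escape else name
    db.execute("UPDATE Customer SET Name = '" + value + "' WHERE ID = 1")

def update_bound(db, name, escape=False):
    # Prepared-statement style: the value is passed separately and never parsed.
    value = escape_sql(name) if escape else name
    db.execute("UPDATE Customer SET Name = ? WHERE ID = 1", (value,))

def unescaped_literal_fails():
    # 'O'Connor' spliced in unescaped is rejected by the SQL parser.
    try:
        update_literal(new_db(), "O'Connor", escape=False)
    except sqlite3.OperationalError:
        return True
    return False

def demo():
    out = {}
    db = new_db(); update_literal(db, "O'Connor")
    out["literal, escaped"] = stored_name(db)
    db = new_db(); update_bound(db, "O'Connor")
    out["bound, raw"] = stored_name(db)
    # Escaping a bound value stores the doubled quote verbatim ...
    db = new_db(); update_bound(db, "O'Connor", escape=True)
    out["bound, escaped"] = stored_name(db)
    # ... and each read-then-save cycle doubles the quotes again.
    update_bound(db, stored_name(db), escape=True)
    out["bound, escaped twice"] = stored_name(db)
    return out

if __name__ == "__main__":
    for case, name in demo().items():
        print(f"{case:22} -> {name}")
```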

