Ankur

Reputation: 51108

How to escape special characters used in SQL query?

Is there a Java library for escaping special characters from a string that is going to be inserted into an SQL query?

I keep writing code to escape various things, but I keep finding some new issue that trips me up. So a library that takes care of all or most of the possibilities would be very handy.

EDIT: I am using MySQL (if that makes any difference).

Upvotes: 6

Views: 24655

Answers (3)

Ryan Webb

Reputation: 334

I know this is a long-time thread, but using the commonslang library there is a method called escapeSql(String). Also, using a prepared statement automatically escapes the offending SQL characters.

Upvotes: 0

Maurice Perry

Reputation: 32831

Well... JDBC. Pass the strings as parameters, and don't append them to the query string.

Upvotes: 7
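Passing strings as parameters, as the answer above describes, shown as an added example that is not part of the original answer. The `customers` table, the class and method names, and the JDBC URL and credentials taken from the command line are assumptions.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class ParamQueryDemo {

    // Constructed sample input: a quote and a backslash, the characters that
    // hand-written escaping routines most often get wrong.
    static final String SAMPLE_NAME = "O'Brien \\ Sons";

    // The SQL text is a constant; the value travels separately as a bound
    // parameter, so no escaping code is needed.
    static void insertCustomer(Connection c, String name) throws SQLException {
        String sql = "INSERT INTO customers (name) VALUES (?)";
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, name);
            ps.executeUpdate();
        }
    }

    // Same pattern for reads: the placeholder is filled by the driver.
    static int countByName(Connection c, String name) throws SQLException {
        String sql = "SELECT COUNT(*) FROM customers WHERE name = ?";
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumed arguments: JDBC URL, user, password for a MySQL instance.
        try (Connection c = DriverManager.getConnection(args[0], args[1], args[2])) {
            try (Statement st = c.createStatement()) {
                // Hypothetical table, temporary so the demo leaves nothing behind.
                st.executeUpdate("CREATE TEMPORARY TABLE customers (name VARCHAR(100))");
            }
            insertCustomer(c, SAMPLE_NAME);
            System.out.println("rows matching sample name: " + countByName(c, SAMPLE_NAME));
        }
    }
}
```

Identifiers such as table or column names cannot be bound as parameters; check those against a fixed allow-list instead of escaping them.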

Ankur

Reputation: 51108

A little bit more research points me to this:

http://devwar.blogspot.com/2010/06/how-to-escape-special-characters-in.html

Which suggests using apache.commons.lang.StringEscapeUtils. I will try this out.

Upvotes: 1
