Oracle FAQ Your Portal to the Oracle Knowledge Grid


Re: Handling single quotes in data and SQL

From: Mark D Powell <Mark.Powell_at_eds.com>
Date: 20 Apr 2006 07:18:11 -0700
Message-ID: <1145542691.622849.140410@t31g2000cwb.googlegroups.com>


Yes, scan the input string and if it contains a single quote, double it so that it becomes single quote single quote, or eliminate the single quote from the string altogether.

However, you should not be creating SQL statements that contain text fields but should instead be using bind variables. The use of strings to build the SQL subjects your code to possible SQL Injection. The proper use of bind variables would take away both the possibility of SQL Injection and the problem of the data containing a single quote.

HTH -- Mark D Powell -- Received on Thu Apr 20 2006 - 09:18:11 CDT
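The two approaches the reply contrasts, shown side by side as an added example that is not part of the original post. The table, the sample value and the use of Python's built-in sqlite3 module as a stand-in for an Oracle driver are all assumptions made for the demo; Oracle bind syntax is `:name` rather than `?`, but the principle is identical.

```python
import sqlite3

# Constructed sample value: a name with an embedded single quote.
SAMPLE_NAME = "O'Brien"


def double_single_quotes(value: str) -> str:
    """Escape a value for inline SQL by doubling each single quote,
    the workaround the post describes for string-built statements."""
    return value.replace("'", "''")


def build_literal_sql(name: str, escape: bool = True) -> str:
    """Statement assembled by string concatenation (the approach to avoid).
    With escape=False it shows the raw breakage the post warns about."""
    literal = double_single_quotes(name) if escape else name
    return "SELECT id FROM customers WHERE name = '" + literal + "'"


def setup() -> sqlite3.Connection:
    """Build an in-memory table (stand-in for an Oracle schema) holding one row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO customers (name) VALUES (?)", (SAMPLE_NAME,))
    conn.commit()
    return conn


def lookup_with_bind(conn: sqlite3.Connection, name: str):
    """Bind-variable query: the value travels separately from the statement
    text, so a quote in the data can never change the statement's structure."""
    row = conn.execute("SELECT id FROM customers WHERE name = ?", (name,)).fetchone()
    return row[0] if row else None


def lookup_with_literal(conn: sqlite3.Connection, name: str):
    """Concatenated query with quote doubling: works for this one case, but
    the statement text now depends on getting the escaping right every time."""
    row = conn.execute(build_literal_sql(name)).fetchone()
    return row[0] if row else None


def unescaped_literal_fails(conn: sqlite3.Connection, name: str) -> bool:
    """Return True when the unescaped concatenation is rejected by the parser,
    which is exactly the 'data containing a single quote' problem."""
    try:
        conn.execute(build_literal_sql(name, escape=False))
        return False
    except sqlite3.OperationalError:
        return True
```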

