
Re: Handling single quotes in data and SQL

From: Jim Kennedy <jim>
Date: Thu, 20 Apr 2006 18:35:02 -0700
Message-ID: <OOKdnaS0-8Gpq9XZRVn-uA@comcast.com>

"dean" <deanbrown3d_at_yahoo.com> wrote in message news:1145545688.122846.66040_at_e56g2000cwe.googlegroups.com...
> Thanks, that's the solution. We do have some controls that prevent
> users from pressing or pasting in quote characters and other unsavory
> text, but this particular process is transferring data between a
> WebSphere message queue (text format) and Oracle staging tables, and it
> caught us off guard.
>
> Cheers,
>
> Dean
>

Yes, use bind variables. You prevent SQL injection. You simplify code. You increase the performance of the application. Using bind variables is best practice.
Jim

Received on Thu Apr 20 2006 - 20:35:02 CDT
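
The difference described in this thread, as an added example that is not part of the original posts: text messages containing single quotes are loaded into a staging table first by string concatenation, then with bind variables. Python's built-in `sqlite3` stands in for Oracle so the code runs offline (Oracle drivers accept the same `:name` placeholder style); the table name `staging_msgs`, its columns and the sample messages are constructed for illustration.

```python
import sqlite3

# Constructed sample messages, standing in for text read off the message queue.
MESSAGES = [
    ("1001", "O'Brien", "Customer said: 'call back later'"),
    ("1002", "Smith", "no quotes here"),
]

def make_staging(conn):
    # Hypothetical staging table; names are assumptions for this example.
    conn.execute("CREATE TABLE staging_msgs (msg_id TEXT, surname TEXT, body TEXT)")

def load_concatenated(conn, rows):
    """Fragile form: data is pasted into the statement text, so a quote
    character in the data is parsed as SQL syntax."""
    failed = []
    for msg_id, surname, body in rows:
        sql = ("INSERT INTO staging_msgs VALUES ('" + msg_id + "', '"
               + surname + "', '" + body + "')")
        try:
            conn.execute(sql)
        except sqlite3.Error as exc:
            failed.append((msg_id, str(exc)))
    return failed

def load_bound(conn, rows):
    """Bind-variable form: one fixed statement text, parsed once; the values
    travel separately and are never interpreted as SQL."""
    sql = "INSERT INTO staging_msgs VALUES (:msg_id, :surname, :body)"
    conn.executemany(sql, [dict(msg_id=m, surname=s, body=b) for m, s, b in rows])

def stored(conn):
    return conn.execute(
        "SELECT msg_id, surname, body FROM staging_msgs ORDER BY msg_id").fetchall()

def demo():
    concat_db = sqlite3.connect(":memory:")
    make_staging(concat_db)
    failed = load_concatenated(concat_db, MESSAGES)
    bound_db = sqlite3.connect(":memory:")
    make_staging(bound_db)
    load_bound(bound_db, MESSAGES)
    return failed, stored(concat_db), stored(bound_db)

if __name__ == "__main__":
    failed, concat_rows, bound_rows = demo()
    print("concatenated, rejected:", failed)
    print("concatenated, stored:  ", concat_rows)
    print("bound, stored:         ", bound_rows)
```

The concatenated load loses the message containing quotes, while the bound load stores every message byte-for-byte with no escaping logic in the application.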
