views:

1254

answers:

4

In the following SQL query using the PreparedStatement class:

String query_descrip = "insert into timitemdescription (itemkey, languageid, longdesc, shortdesc) values (?, 1033, ?, ?)";
PreparedStatement pstmt2 = con.prepareStatement(query_descrip);
pstmt2.setInt(1, rs4);                  // item key
pstmt2.setString(2, itemdescription);   // full description, bound as a parameter: the driver handles quoting
// shortdesc holds at most 39 characters; clamp the length so a shorter description
// does not throw StringIndexOutOfBoundsException
pstmt2.setString(3, itemdescription.substring(0, Math.min(39, itemdescription.length())));
pstmt2.executeUpdate();
pstmt2.close();

I sometimes get apostrophes and single and double quotes in my item descriptions. For example, my latest issue with one item is a "Planar 22" monitor". Of course, the string was misinterpreted and the description value was taken to be just "Planar 22". What is the best way to handle special characters in a string?

I've read that some people are using regex; however, these seemed to be specific to a case-by-case basis. Another way I'm working on is reading the string array character by character. I was hoping there was a more efficient and less resource-intensive way of doing this.

UPDATE: After some more extensive testing, it turns out there were more problems occurring in my code. It was also a URL encoding problem. When the HTML form was being populated by the JSP code, it would try to move the description field to an online form, and it truncated it there on the form rather than in the query. jTDS also corrected the problem receiving the special characters. Because jTDS is a jar, it also helped avoid rebooting the machine. I will award the jTDS thread the bounty since that was what I partially used.

Thanks in advance.
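The truncation the UPDATE describes happens in the HTML attribute, not in the SQL: a raw double quote inside value="..." closes the attribute, so the browser submits only the text before it. The following is an added example (not code from the question or its answers) that reproduces that behaviour with Python's standard-library HTML parser standing in for the browser, then shows the fix: escape the value for an attribute context before writing it into the page. The input tag layout and the field name "description" are assumptions; the sample values are constructed, one of them being the "Planar 22" monitor" string from the question.

```python
from html import escape
from html.parser import HTMLParser


def naive_input_tag(description):
    """Mirror the JSP behaviour in the question: the raw value is spliced into
    the attribute, so a double quote inside it terminates the attribute."""
    return '<input type="text" name="description" value="%s">' % description


def escaped_input_tag(description):
    """Escape for an HTML attribute context: & < > " and ' become entities,
    so the browser sees a single attribute holding the whole string."""
    return '<input type="text" name="description" value="%s">' % escape(description, quote=True)


class _ValueExtractor(HTMLParser):
    """Stand-in for the browser: records the value attribute the page actually
    yields. HTMLParser unescapes entities in attribute values, as a browser does."""

    def __init__(self):
        super().__init__()
        self.value = None

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            # attrs is a list of (name, value) pairs; the stray 'monitor"' in the
            # naive case shows up as a bogus attribute name with no value
            self.value = dict(attrs).get("value")


def submitted_value(tag_html):
    """Return the value attribute a browser would parse out of tag_html."""
    parser = _ValueExtractor()
    parser.feed(tag_html)
    parser.close()
    return parser.value


def demo():
    """Run both renderings over constructed descriptions and report what survives."""
    samples = [
        'Planar 22" monitor',        # constructed: the value from the question
        "O'Neil's 19\" display",     # constructed: apostrophes plus a double quote
    ]
    return {
        desc: {
            "naive": submitted_value(naive_input_tag(desc)),
            "escaped": submitted_value(escaped_input_tag(desc)),
        }
        for desc in samples
    }


if __name__ == "__main__":
    for desc, outcome in demo().items():
        print(repr(desc), "->", outcome)
```

The same escaping applies on the JSP side: writing the value through JSTL's c:out (which escapes XML by default) or fn:escapeXml() instead of a raw scriptlet expression keeps the quote inside the attribute. The same unescaped write is also the classic reflected XSS sink, so the escape is worth doing even when descriptions never contain quotes.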

+15  A: 

Since you are using PreparedStatement, you don't have to do anything at all, it will be handled for you by the JDBC driver. The only thing you have to look out for is non-ASCII characters, specifically you have to make sure the DB tables use an encoding for textual columns that can handle all characters you're going to use. But that's an SQL issue, not a Java issue.

Michael Borgwardt
When I pass the itemdescription into the prepared statement, strings with double quotes are not being escaped and are interpreted as the value terminator. Do you know any workarounds for this?
phill
What SQL server and what driver are you using? If it's really not properly escaping strings, it is seriously flawed (possibly in other ways too) and I would consider moving to a different one.
Michael Borgwardt
I'm using the MS SQL Server 2000 Driver for JDBC and SQL Server 2005.
phill
Is there a more recent version of the JDBC driver? Not escaping quotes would be an absolute show-stopper bug making the driver completely worthless. I can hardly believe Microsoft would release such an obviously broken version. Or maybe it's a problem with your code, though the example above looks OK and I don't know of a way to misuse PreparedStatements that would cause such a problem. What makes me a bit suspicious is that a mid-string quote being interpreted as a value terminator should cause an SQLException when the rest of the value can't be parsed. Does that happen?
Michael Borgwardt
If there is, I won't be able to reload an updated version of the driver because other programs are using it. It is also running on a server which cannot be rebooted.
phill
If thats really out of your control, then it looks like manual escaping of strings is the only thing you can do, although this is very difficult to get right.
Michael Borgwardt
I'm struggling with it already. I wish Java had an easier way of handling strings.
phill
Which version of Java are you using? There are many string manipulation methods already associated with the String class and many more available via projects such as Apache Commons (http://commons.apache.org/), for example StringUtils (http://commons.apache.org/lang/api-release/org/apache/commons/lang/StringUtils.html).
martinatime
I'm using Java 6.
phill
There is a more recent JDBC driver version for SS 2005; however, I couldn't run the risk of rebooting the server following the install.
phill
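To make the answer above concrete, here is an added example (not code from the answer or the question) that contrasts a bound parameter with a value spliced into the SQL text, using Python's standard-library sqlite3 so it runs without a database server; the `?` placeholder style is the same one the JDBC PreparedStatement in the question uses, where setString plays the role of the bound tuple element here. The table definition reuses the column names from the question with assumed types, and the sample descriptions are constructed. Each insert is followed by the read-back that Jack Leow's answer below asks for, which is the check to run before concluding that the driver mangled the value.

```python
import sqlite3

# Constructed schema mirroring the table in the question; column types are assumed.
SCHEMA = """
create table timitemdescription (
    itemkey    integer,
    languageid integer,
    longdesc   text,
    shortdesc  text
)
"""

INSERT_BOUND = (
    "insert into timitemdescription (itemkey, languageid, longdesc, shortdesc) "
    "values (?, 1033, ?, ?)"
)


def insert_bound(con, itemkey, description):
    """Parameter binding: the value travels separately from the SQL text, so
    quotes, apostrophes and semicolons inside it are data, never syntax."""
    short = description[:39]  # clamp instead of substring(0, 39), which throws on short input
    con.execute(INSERT_BOUND, (itemkey, description, short))


def insert_concatenated(con, itemkey, description):
    """What NOT to do: splice the value into the statement. An apostrophe ends
    the literal early and whatever follows is parsed as SQL."""
    sql = (
        "insert into timitemdescription (itemkey, languageid, longdesc, shortdesc) "
        "values (%d, 1033, '%s', '%s')" % (itemkey, description, description[:39])
    )
    con.execute(sql)


def stored_longdesc(con, itemkey):
    """Read the row back so the stored value, not a guess, is what gets compared."""
    row = con.execute(
        "select longdesc from timitemdescription where itemkey = ?", (itemkey,)
    ).fetchone()
    return None if row is None else row[0]


def demo():
    """Insert two constructed descriptions both ways and return what was stored."""
    con = sqlite3.connect(":memory:")
    con.execute(SCHEMA)
    monitor = 'Planar 22" monitor'       # constructed: the value from the question
    apostrophe = "O'Neil's 19\" display"  # constructed: apostrophes plus a double quote
    results = {}

    insert_bound(con, 1, monitor)
    results["bound_double_quote"] = stored_longdesc(con, 1)
    insert_bound(con, 2, apostrophe)
    results["bound_apostrophe"] = stored_longdesc(con, 2)

    # Concatenation happens to survive a double quote, because " is not a string
    # delimiter in SQL; this is why the SQL was never where "Planar 22" got cut.
    insert_concatenated(con, 3, monitor)
    results["concat_double_quote"] = stored_longdesc(con, 3)

    # An apostrophe terminates the literal and the statement no longer parses:
    # the SQLException-style failure a mid-string quote produces when it really
    # does reach the SQL parser.
    try:
        insert_concatenated(con, 4, apostrophe)
        results["concat_apostrophe"] = stored_longdesc(con, 4)
    except sqlite3.OperationalError as exc:
        results["concat_apostrophe"] = "error: %s" % exc
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", repr(value))
```

Two things follow from the output. First, a bound double quote comes back byte-for-byte, so a description that arrives at the driver intact is stored intact; if the stored value is already short, the loss happened upstream (the form, the request encoding), which is where the question's UPDATE eventually found it. Second, the concatenated form is the one that turns an apostrophe into a parse error today and into SQL injection the day a description is attacker-controlled, which is the real reason to keep the PreparedStatement.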
+3  A: 

You don't need to handle those characters specially if you're binding them as parameters to a PreparedStatement, as you are doing. That's one of the main benefits of the prepared-statement approach.

araqnid
+3  A: 

Like the others have said, you do not have to do anything to handle the special characters. You need to try a different JDBC driver.

Try using the jTDS driver and see if it helps you with your PreparedStatement. It is an open source database driver for SQL Server. I use it at work now and it works like a champ and actually conforms to the JDBC specification unlike the MS driver.

Mr. Will
Could you suggest any example code or links which implement the jar file for a prepared statement?
phill
The code example you have now would work. The only thing that would be different would be the driver url you use to create the connection.
Mr. Will
When I try to run Class.forName("net.sourceforge.jtds.jdbc.Driver"); in a try..catch clause, it keeps telling me "must be caught or thrown". Any ideas?
phill
Never mind, when I just change the exception from SQLException, it appears to be working.
phill
+1 for jTDS. Can't recommend it enough.
banjollity
A: 

I'm fairly certain the problem isn't with the code you posted. To help troubleshoot:

  1. Have you tried running the code snippet above in a debugger? What's the value of "itemdescription" before you pass it to the database call?
  2. How are you actually verifying the value in the database? Is this more Java code? Or are you looking at it with SQLCMD or something like that?
Jack Leow