Escape character problems in sqlConnectionString
Posted on 2003-11-05
Here's the code I'm having problems with:
sqlQueryString += " WHERE " + filterField + " = '" + filter + "'";
//later I use it like this:
dbStatement = dbConn.createStatement();
dbResultSet = dbStatement.executeQuery(sqlQueryString);
The problem is that Java inserts escape characters (\) before the ' on the "filter" variable.
So sqlQueryString ends up looking like this:
"select UserName from Users WHERE UserID = \'billybob\'"
And of course this throws an exception when it gets to the database (Oracle). What I want the sqlQueryString to look like is:
"select UserName from Users WHERE UserID = 'billybob'"
Seems to me I must be missing something cuz this is a pretty common operation I'm trying to do here. Help!
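An added example, not part of the original post: the same lookup written with a JDBC PreparedStatement, so the filter value is sent as a bind parameter and a quote inside it can neither break nor alter the statement. The class name, the method names and the allowed-column list are assumptions made for illustration; only the Users table and the UserID and UserName columns come from the post.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class UserLookup {
    // Assumed column list; only UserID and UserName appear in the post.
    private static final Set<String> ALLOWED_COLUMNS =
            new HashSet<>(Arrays.asList("UserID", "UserName"));

    // Column names cannot be bound as parameters, so filterField is
    // checked against a fixed list before it is placed in the SQL text.
    static String buildQuery(String filterField) {
        if (!ALLOWED_COLUMNS.contains(filterField)) {
            throw new IllegalArgumentException("Unexpected filter column: " + filterField);
        }
        return "select UserName from Users WHERE " + filterField + " = ?";
    }

    // The filter value travels as a bind parameter, never as SQL text.
    static List<String> findUserNames(Connection dbConn, String filterField, String filter)
            throws SQLException {
        List<String> names = new ArrayList<>();
        try (PreparedStatement ps = dbConn.prepareStatement(buildQuery(filterField))) {
            ps.setString(1, filter);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    names.add(rs.getString("UserName"));
                }
            }
        }
        return names;
    }

    // Runs without a database: shows the SQL text and the column check.
    public static void main(String[] args) {
        System.out.println(buildQuery("UserID"));
        try {
            buildQuery("NoSuchColumn"); // constructed value, not in the allowed list
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

With an open connection, `findUserNames(dbConn, "UserID", "billybob")` performs the lookup from the post without any quote characters in the Java source.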