Link to home
Start Free TrialLog in
Avatar of databoks
databoksFlag for Denmark

asked on

SQL Update statement fails.


I have a Java App which I have a connection to a SQL server to. The problem is that when i Excecute a Update/Insert statement and the content contains a ' the Update fails because i already got this In my Code.

For example

Void Update(String SQL)
   //Class connction goes here..
  Update dbo.Table set Column ='" + SQL + '");
Then if the SQL Variable already contains a ' then it will Fail.. Is there any way i can get around this problem?
Avatar of Bart Cremers
Bart Cremers
Flag of Belgium image

Normally you should escape the single quote in your SQL with another single quote. So,

It'll work!!!


It''ll work!!!
Avatar of databoks


Well the problem is that the example above is simple. But i import Log to tables that has over 8000 characters and there can be 15-20 of ' in the contents.

So I can't just add a ' because sometimes its not even there..
Avatar of Bart Cremers
Bart Cremers
Flag of Belgium image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of CEHJ
Use PreparedStatement. All escaping will be done automatically
Thank you. That solved the Problem.

Thanks again!
No need to do that. Apart from which, there could be other characters that need escaping too