How to escape quotes "" characters in MySQL and Java


Problem description

How can we escape quotes "" characters in Java and MySQL?

An incoming XML file has quotes, and I am parsing through that file using Java. So I want to escape the quotes here, but in the database it should contain quotes. When I am doing a query the result would have quotes. While displaying on a webpage it should also show quotes.

Recommended answer

Let me try to understand...

The incoming file has quotes in it. You want to send it to a database. When you get it back from the database then you still want those quotes to be there.

So is it just to/from the database that you are having your issue?

If so then I highly suspect you are doing something on the order of: (I'm wrapping it in a disclaimer to keep the unsuspecting from misunderstanding and cutting/pasting into their own applications. ;))

String sql = "insert into foo (bar,baz) values(" +myValue1 + ", " + myValue2 + ")";
Statement stmt = connection.createStatement();
stmt.executeUpdate(sql);

Bad - do not do that

If so then you should really be using prepared statement's parameters at a minimum. a) you will be less vulnerable to malicious garbage deleting all of your tables, and b) you will not have any escaping problems.

String sql = "insert into foo (bar, baz) values( ?, ? )";
PreparedStatement stmt = connection.prepareStatement(sql);
stmt.setString(1, myValue1);
stmt.setString(2, myValue2);
stmt.executeUpdate();

Note that it's also safer in the case of things like CLOBs and the specifics of different database implementations (I'm thinking of you, Oracle >))

If it is some other kind of escaping, that is, to/from XML or to/from HTML then that's different, but it is well documented all over the web.

Or provide some example code if I'm totally off base.
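
The flow the question describes (XML in, database, web page out), as an added example that is not part of the original answer: the parsed value is bound as a parameter, comes back from the database unchanged, and is HTML-escaped only when written to the page. The class name, the `quote_demo` table, the sample XML and the JDBC URL passed as the first argument are assumptions; a MySQL JDBC driver is assumed to be on the classpath.

```java
import java.io.StringReader;
import java.sql.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.xml.sax.InputSource;

public class QuoteRoundTrip {
    // Output-side escaping: applied only when the value is written into HTML.
    static String escapeHtml(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    // The XML parser hands back plain text; DOCTYPEs are refused for untrusted input.
    static String textFromXml(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)))
                .getDocumentElement().getTextContent();
    }

    // Bound parameters carry the value as data, so it is stored and read back unchanged.
    static String roundTrip(Connection c, String value) throws SQLException {
        try (PreparedStatement ins = c.prepareStatement("insert into quote_demo (bar) values (?)")) {
            ins.setString(1, value);
            ins.executeUpdate();
        }
        try (PreparedStatement sel = c.prepareStatement("select bar from quote_demo where bar = ?")) {
            sel.setString(1, value);
            try (ResultSet rs = sel.executeQuery()) {
                if (!rs.next()) throw new SQLException("row not found");
                return rs.getString(1);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // args[0]: JDBC URL of a test database (assumption); quote_demo is a hypothetical table.
        try (Connection c = DriverManager.getConnection(args[0]);
             Statement ddl = c.createStatement()) {
            ddl.executeUpdate("create temporary table quote_demo (bar varchar(255))");
            String xml = "<bar>She said \"it's &lt;done&gt;\"</bar>"; // constructed sample
            String value = textFromXml(xml);
            String stored = roundTrip(c, value);
            System.out.println("unchanged by the database: " + stored.equals(value));
            System.out.println("<td>" + escapeHtml(stored) + "</td>");
        }
    }
}
```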
