How to escape quotes "" characters in MySQL and Java
Problem description
How can we escape quotes "" characters in Java and MySQL?
An incoming XML file has quotes, and I am parsing through that file using Java. So I want to escape the quotes here, but in the database it should contain quotes. When I am doing a query the result would have quotes. While displaying on a webpage it should also show quotes.
Recommended answer
Let me try to understand...
The incoming file has quotes in it. You want to send it to a database. When you get it back from the database then you still want those quotes to be there.
So is it just to/from the database that you are having your issue?
If so then I highly suspect you are doing something on the order of: (I'm wrapping it in a disclaimer to keep the unsuspecting from misunderstanding and cutting/pasting into their own applications. ;))
String sql = "insert into foo (bar,baz) values(" +myValue1 + ", " + myValue2 + ")";
Statement stmt = connection.createStatement();
stmt.executeUpdate(sql);
Bad - do not do that
If so then you should really be using prepared statement's parameters at a minimum. a) you will be less vulnerable to malicious garbage deleting all of your tables, and b) you will not have any escaping problems.
String sql = "insert into foo (bar, baz) values( ?, ? )";
PreparedStatement stmt = connection.prepareStatement(sql);
stmt.setString(1, myValue1);
stmt.setString(2, myValue2);
stmt.executeUpdate();
Note that it's also safer in the case of things like CLOBs and the specifics of different database implementations (I'm thinking of you, Oracle >))
If it is some other kind of escaping, that is, to/from XML or to/from HTML then that's different, but it is well documented all over the web.
Or provide some example code if I'm totally off base.
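The full path the question describes (XML in, MySQL, web page out), as an added example that is not part of the original answer. The class name, the constructed sample XML, the temporary one-column table foo and the JDBC URL passed as the first argument are assumptions.

```java
import java.io.StringReader;
import java.sql.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.xml.sax.InputSource;

public class QuoteRoundTrip {
    // Constructed sample input: quotes appear both raw and as the &quot; entity.
    static final String XML =
        "<item><bar>He said \"hi\" &amp; &quot;bye&quot;, it's ok</bar></item>";

    // The XML parser decodes entities, so the Java String holds the raw characters.
    static String parseBar(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Reject DOCTYPE declarations so untrusted XML cannot pull in external entities.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)))
                .getElementsByTagName("bar").item(0).getTextContent();
    }

    // Bound parameter: the value travels as data, so no SQL escaping is written by hand.
    static void store(Connection c, String bar) throws SQLException {
        try (PreparedStatement ps = c.prepareStatement("insert into foo (bar) values (?)")) {
            ps.setString(1, bar);
            ps.executeUpdate();
        }
    }

    static String load(Connection c) throws SQLException {
        try (Statement s = c.createStatement();
             ResultSet rs = s.executeQuery("select bar from foo")) {
            rs.next();
            return rs.getString(1);
        }
    }

    // Escape only at output time, and only for the context written to (HTML here).
    static String escapeHtml(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    public static void main(String[] args) throws Exception {
        // args[0] is the JDBC URL of a scratch MySQL database (assumption).
        try (Connection c = DriverManager.getConnection(args[0])) {
            try (Statement s = c.createStatement()) {
                s.executeUpdate("create temporary table foo (bar varchar(255))");
            }
            String bar = parseBar(XML);
            store(c, bar);
            String back = load(c);
            if (!back.equals(bar)) throw new AssertionError("round trip changed the value");
            System.out.println("<td>" + escapeHtml(back) + "</td>");
        }
    }
}
```

The stored value keeps its literal quote characters; they are converted to entities only when the string is written into HTML.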