在JDBC中为SQL查询插入单引号无效 [英] Inserting single quote in JDBC for SQL Query not working

查看:113
本文介绍了在JDBC中为SQL查询插入单引号无效的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

在通过Oracle JDBC在JAVA中的预备语句中使用单引号时,我遇到了问题.

I'm having issues dealing with the single quote while using it in a prepared statement in JAVA via Oracle JDBC.

假设我们有一个表Restaurant,其中有一个值为1的restaurant_name列:Jack's Deli

Let's say we have a table Restaurant with a column restaurant_name with 1 value : Jack's Deli

我想使用一个简单的预准备语句查询,如下所示:

I want to use a simple prepared statement query like this:

    String result = "Jack\'\'s Deli"
    String sqlStatement = "select * from Restaurant where restauraunt_name like ? escape '\\' ";
    PreparedStatement pStmt = conn.prepareStatement(sqlStatement);
    pstmt.setString(1, result);

结果显示0个返回值,但是当我直接在数据库(ORACLE)中搜索查询时,它可以正常工作并检索结果. (Oracle使用两个单引号作为转义符)

The result shows 0 returned values, however when I directly search the query in the database (ORACLE) it works fine and retrieves the result. (Oracle uses two single quotes as an escape for the first)

我认为该值未正确传递给数据库.或还有其他格式问题.

I am thinking that the value is not being passed properly to the database. Or there is some other formatting issue.

推荐答案

准备好的语句的重点是您不需要任何转义.

The point of prepared statements is that you don't need any escaping.

.setString(1, "Jack's Deli")将完成它.

这篇关于在JDBC中为SQL查询插入单引号无效的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆