Suat Gonul <[email protected]> writes:

> Hi Knut,
>
> It seems that is the problem, thanks. But, then I think I should escape
> special characters contained in the values. Is there a standard procedure for
> this? Is there a list of special characters? What do you suggest?

I'd suggest that you use prepared statements with parameter markers

INSERT INTO t (id, revision) VALUES (?, 1)

and use ps.setString(1, "string value") to set the value. Then you don't
need to worry about special characters in the string.

If you want to specify the string literally in your SQL statement, only
the single-quote character is a special character, as far as I know, and
it can be escaped with an extra single-quote character. For example, to
insert the string «It's safer with PreparedStatement», you would have to
do something like this:

INSERT INTO t (id, revision) VALUES ('It''s safer with PreparedStatement', 1)

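The two approaches from the reply, run side by side against the same table, as an added example that is not part of the original message. The in-memory Apache Derby URL, the class name QuoteDemo, the helper sqlLiteral and the column types are assumptions; any JDBC driver and URL can be substituted.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class QuoteDemo {
    // Assumption: an embedded Apache Derby driver is on the classpath.
    static final String URL = "jdbc:derby:memory:quotedemo;create=true";

    // Literal form from the reply: double every single quote, then wrap in quotes.
    // Hypothetical helper; it covers standard SQL string literals only.
    static String sqlLiteral(String value) {
        return "'" + value.replace("'", "''") + "'";
    }

    public static void main(String[] args) throws SQLException {
        String value = "It's safer with PreparedStatement"; // constructed sample input
        try (Connection con = DriverManager.getConnection(URL)) {
            try (Statement st = con.createStatement()) {
                st.executeUpdate("CREATE TABLE t (id VARCHAR(100), revision INT)");
                // Hand-escaped literal: the value becomes part of the SQL text,
                // so correctness depends on the escaping being complete.
                st.executeUpdate("INSERT INTO t (id, revision) VALUES ("
                        + sqlLiteral(value) + ", 1)");
            }
            // Parameter marker: the SQL text is fixed and the value is bound
            // separately, so the quote in the value is never parsed as SQL.
            try (PreparedStatement ps = con.prepareStatement(
                    "INSERT INTO t (id, revision) VALUES (?, 2)")) {
                ps.setString(1, value);
                ps.executeUpdate();
            }
            // Both rows should match the original string exactly.
            try (PreparedStatement q = con.prepareStatement(
                    "SELECT revision FROM t WHERE id = ? ORDER BY revision")) {
                q.setString(1, value);
                try (ResultSet rs = q.executeQuery()) {
                    while (rs.next()) {
                        System.out.println("revision " + rs.getInt(1) + " stored the value intact");
                    }
                }
            }
        }
    }
}
```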