On 09/13/2012 01:54 PM, Knut Anders Hatlen wrote:
> Suat Gonul <[email protected]> writes:
>
>> Hi Knut,
>>
>> It seems that is the problem, thanks. But, then I think I should escape
>> special characters contained in the values. Is there a standard procedure for
>> this? Is there a list of special characters? What do you suggest?
> I'd suggest that you use prepared statements with parameter markers
>
>     INSERT INTO t (id, revision) VALUES (?, 1)
>
> and use ps.setString(1, "string value") to set the value. Then you don't
> need to worry about special characters in the string.
>
> If you want to specify the string literally in your SQL statement, only
> the single-quote character is a special character, as far as I know, and
> it can be escaped with an extra single-quote character. For example, to
> insert the string «It's safer with PreparedStatement», you would have to
> do something like this:
>
>     INSERT INTO t (id, revision) VALUES ('It''s safer with PreparedStatement', 1)
>
Thank you very much. Escaping the ' character with another ' has solved my problem.

Indeed, I am doing a bulk insertion operation (1000 insertions at a time (values > 1000 cause a stack overflow exception)). So I prepare the query in advance and execute it in one step. In total, I have ~1M records. However, I could not decide on which one would be more efficient. So, I'm trying both options now.

Thanks again,
Best,
Suat
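
Added example, not part of the original thread: the bulk insertion discussed above, done with the suggested parameter markers plus JDBC batching, so values containing single quotes need no escaping. The class name, the in-memory Derby URL, the table definition and the sample values are assumptions, and the Derby embedded driver is assumed to be on the classpath.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.List;

public class BatchInsertDemo {
    // 1000 rows per batch, the chunk size mentioned in the thread.
    static final int BATCH_SIZE = 1000;

    // Inserts every value through one prepared statement; returns rows queued and executed.
    static int insertAll(Connection conn, List<String> ids) throws SQLException {
        int inserted = 0;
        conn.setAutoCommit(false);              // commit once per batch, not per row
        try (PreparedStatement ps = conn.prepareStatement(
                "INSERT INTO t (id, revision) VALUES (?, 1)")) {
            int pending = 0;
            for (String id : ids) {
                ps.setString(1, id);            // bound as data: quotes are never parsed as SQL
                ps.addBatch();
                if (++pending == BATCH_SIZE) {
                    inserted += ps.executeBatch().length;
                    conn.commit();
                    pending = 0;
                }
            }
            if (pending > 0) {                  // flush the final partial batch
                inserted += ps.executeBatch().length;
                conn.commit();
            }
        } catch (SQLException e) {
            conn.rollback();                    // discard the uncommitted batch on failure
            throw e;
        }
        return inserted;
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample values, including the string from the thread.
        List<String> ids = List.of("plain", "It's safer with PreparedStatement", "two '' quotes");
        // Assumed URL: Derby in-memory database, created on first connect.
        try (Connection conn = DriverManager.getConnection("jdbc:derby:memory:demo;create=true");
             Statement st = conn.createStatement()) {
            st.executeUpdate("CREATE TABLE t (id VARCHAR(200), revision INT)");
            System.out.println("inserted " + insertAll(conn, ids));
            try (ResultSet rs = st.executeQuery("SELECT id FROM t")) {
                while (rs.next()) System.out.println(rs.getString(1)); // stored verbatim
            }
        }
    }
}
```

The SQL text stays the same size however many rows are inserted, unlike a single statement built with 1000 literal value lists.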
