Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Prepared Statement Not Escaping Apostrophe

Tags:

java

hibernate

prepared-statement

jdbc

I am using JDBC connection object obtained from hibernate to perform bath update, I am doing this because I need to use the MySql ON DUPLICATE feature. But, when trying to insert I am not able to inset saying the string has special characters,

Session session = sessionFactory.openSession();
PreparedStatement pstm = null;
Connection conn = session.connection();

try
{
    IRKeyWordTweet record = null;
    conn.setAutoCommit(false);

    for (Iterator itrList = statusToInsert.iterator(); itrList.hasNext();) 
    {   
        try
        {
            record = (IRKeyWordTweet) itrList.next();
            pstm = (PreparedStatement) conn.prepareStatement("INSERT QUERY");

            System.err.println(record.getTwtText());

            //tweetId
            pstm.setLong(1, record.getTweetId());

            Setters For Prepared statement....
            pstm.addBatch();
            int[] updateCounts = pstm.executeBatch();
        }
        catch (Exception e) 
        {
            e.printStackTrace();
        }
    }
}
catch (Exception e) 
{
    log.error("Exception Occured",e);
}
finally
{   
    try 
    {
        pstm.close();
        conn.close();
    }
    catch (SQLException e) {
        e.printStackTrace();
    }
    session.close();
}

What could be causing this?

like image 246
sesmic Avatar asked Aug 24 '11 13:08

sesmic

People also ask

What happens if PreparedStatement is not closed?

Yes, you have to close the prepared statements ( PreparedStatement Object) and result sets as they may cause memory leakage.

Does PreparedStatement extend Statement?

The PreparedStatement interface extends the Statement interface it represents a precompiled SQL statement which can be executed multiple times. This accepts parameterized SQL quires and you can pass 0 or more parameters to this query.

Can I use same PreparedStatement multiple times?

You can execute a given prepared statement multiple times, passing different variables to it or setting the variables to different values before each execution. For examples, see Section 13.5, “Prepared Statements”.

How to escape single and double quotes in MySQL?

If you need to use single quotes and double quotes in a string that contains both a contraction and a quote, you will need to use the backslash '' to cancel out the following character.

1 Answers

To escape single quotes, you can use JDBC's escape sequence:

Statement statement = 
statement.executeQuery(
  "SELECT * FROM DATA_TABLE  WHERE COLUMN1 LIKE 'Having\'s Quotes%' {escape '\'}");

The { escape '\'} informs the JDBC driver to translate the '\' character to the database-specific escape character.

Helpful link here

Also, if you use a PreparedStatement, you don't even have to escape!

PreparedStatement ps = conn.prepareStatement("SELECT * FROM DATA_TABLE WHERE COLUMN1 LIKE ?%");
ps.setString(1, "Having's Quotes");
like image 52
Kal Avatar answered Oct 01 '22 18:10

Kal
Sign in to Comment

Related questions

Regex unordered matches
datetime type in Mysql database
Alternatives to XPath for XML to Domain Object converter
How to get the filename of the Current Active Tab from eclipse IDE?
why all fields are public in playframework?
ProGuard obfuscation variable naming, how to avoid local and param prefixes?
Date Selection in Java
Bad Performance for Dedupe of 2 million records using mapreduce on Appengine
Is this a good practice to use the "default" Java access to hide classes and methods from client
Copy constructor help, trying to copy a boolean array. Java
Using Java Double.toString() style formatting with more digits (DecimalFormat does not work with low precision numbers)
Dissect a byte array into distinct data types?
Java Throttling
ClassCastException - oracle.jdbc.OraclePreparedStatement
Fastest way to deploy a Java servlet?
How to update/paint JProgressBar while Swing is loaded building the GUI
Is there a quick lookup for url-to-controller mapping when @RequestMapping is used?
Why can't I set HashMap<CharSequence,CharSequence> to HashMap<String,String>
In java how can I extract camera related information from an image?
Floating-Point Arithmetic = What is the worst precision/difference from Dec to Binary?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!