Hello everyone, I need help in this scenario.
@sunforumsguest55
Could you please guide me on how I can achieve this? I saw someone had already mentioned it before, but that ticket is closed, so I'm raising this question again because I haven't found a solution yet.
would like to see what the value of setString() is for a given prepared statement call.
Because of reasons that would take me to long to explain that I cannot use preparedstatements with their parameters - I need a way to execute a query like the following:
String query = "insert into blahtable (somestring) values (\"asdfds\'\s sdsfdasfd \"\& ...\");
PreparedStatement stmt = connection.prepareStatement(query);
I know prepared statements can take care of this, but I want to know and write the query as above without the need of prepared statements help for string.
Below is an example with prepared statement - but not what I want to do
For example:
String oddstringwithunusalcharacters = "...";
String query = "insert into blahtable (somestring) values (?)";
PreparedStatement stmt = connection.prepareStatement(query);
stmt.setString(1, oddstringwithunusalcharacters);
I would like to see what the actual query looks like and what the actual string was passed:
--> insert into blahtable (something) values ("asdfds\'\s sdsfdasfd \"\& .... ")
It is not sufficient enough for me to escape quotes and apostrophes because there maybe other unusual characters that I do not know of since the string is passed by an unknown source.
this is my scenario
I'm using Struts 1 and Oracle SQL as my database. I'm facing the same issue with prepared statements. In my scenario, I'm generating a .csv file, but when I input a company name from my database, some company names contain apostrophes (') and double quotes ("). Because of this.
Prepared statements are not handling apostrophes and commas correctly in my case. How can I resolve this conversion issue?