> As I've been suggesting on the list (two times? three times? all in the last
> 24 hours!), use PreparedStatement. It looks like this:
>
> PreparedStatement ps = conn.prepareStatement("insert into tablename values (?,?,?)");
> ps.setString(1, "O'Donnell"); // correctly escaped
> ps.setTimestamp(2, new Timestamp(myDate.getTime()));
> ps.setInt(3, 4);
> ps.executeUpdate();
>
> I'm typing from memory and a bit blurry, so some method names may be
> incomplete, but note how much work I put into converting the apostrophes, and
> how hard I had to try to get the date formatted properly. For any compliant
> JDBC driver, this code will work as intended, and I didn't have to do
> anything for it. Welcome to Java.

Another option is to use the Jakarta DBTags tag library (http://jakarta.apache.org/taglibs/doc/dbtags-doc/intro.html), which has a <sql:escapeSql> tag that handles all of the conversion stuff for you, too.

Incidentally, Joseph, does your method work when using the ODBC-JDBC bridge? I use that on my local machine, while I use a JDBC driver on my hosting account. Just curious....

-David Castro
email[at]davidcastro[dot]com
http://jsp.davidcastro.com
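The difference the thread is discussing, as an added example that is not code from either poster: the same apostrophe-bearing value sent once by string concatenation and once through PreparedStatement. The class name, the `people` table and the JDBC URL passed as the first argument are assumptions; any JDBC driver on the classpath will do.

```java
import java.sql.*;

public class ApostropheDemo {
    // Weak form: the value becomes part of the SQL text, so the apostrophe in
    // O'Donnell closes the string literal early and the statement no longer parses.
    static void insertConcatenated(Connection conn, String name) throws SQLException {
        try (Statement st = conn.createStatement()) {
            st.executeUpdate("insert into people values ('" + name + "', current_timestamp, 4)");
        }
    }

    // Corrected form: the SQL text is fixed and the driver transmits each value as data.
    static void insertBound(Connection conn, String name, java.util.Date when, int visits)
            throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement("insert into people values (?,?,?)")) {
            ps.setString(1, name);
            ps.setTimestamp(2, new Timestamp(when.getTime()));
            ps.setInt(3, visits);
            ps.executeUpdate();
        }
    }

    public static void main(String[] args) throws SQLException {
        // args[0]: JDBC URL for whichever driver is on the classpath (assumption).
        try (Connection conn = DriverManager.getConnection(args[0])) {
            try (Statement st = conn.createStatement()) {
                // Hypothetical table used only for this demonstration.
                st.executeUpdate("create table people (name varchar(64), joined timestamp, visits int)");
            }
            try {
                insertConcatenated(conn, "O'Donnell");
            } catch (SQLException e) {
                System.out.println("concatenated insert rejected: " + e.getMessage());
            }
            // Constructed sample values: both are stored exactly as typed.
            insertBound(conn, "O'Donnell", new java.util.Date(), 4);
            insertBound(conn, "x'); delete from people; --", new java.util.Date(), 1);
            try (Statement st = conn.createStatement();
                 ResultSet rs = st.executeQuery("select name, visits from people")) {
                while (rs.next()) {
                    System.out.println(rs.getString(1) + " | " + rs.getInt(2));
                }
            }
        }
    }
}
```

The final query should list two rows, both inserted through the bound path, with the second name stored as literal text rather than interpreted as SQL.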
