Re: single quotes again

Hi Tony,

I'm not sure if it's any help but I had the same kind of problem when
writing the user signup code in PHP for the techdocs site.

In PHP there's a set of functions called rawurlencode() and
rawurldecode() which take an input string (i.e. D'Arcy Cain) then make
it URL encodes  i.e.  D%28Arcy%20Cain  (not sure about the value numbers
there).  I just rawurlencode() everything after receiving it, use the
URL encoded version everywhere in the code for safety, then before
displaying it run the output through rawurldecode().

This way I never have to worry about the user input, as the only
characters that are ever there are alpha's and the % character.  Not
doing LIKE queries so it's all good.

If Java has a method to URL encode stuff then it might be the way to
go.  It does mean you have to enlarge your column widths though.

:-)

Regards and best wishes,

Justin Clift


tony wrote:
>
> I have localized the source of my problem.
>
> Macromedia Ultradev is JSP 1.0
> The previous version of Tomcat I was running was also JSP 1.0. The
> escaping of single quotes in sql queries was handles automagically.
>
> Moving to Tomcat 3.2 and Tomcat 4.x I am now running a JSP 1.1 or 1.2
> container. Now the escaping seems to be handled by a jakarta taglib. The
> other solution seems to be - manually modify the JSP source to put "
> around the insert statements.
>
> Cheers
>
> Tony Grant
>
> --
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: if posting/reading through Usenet, please send an appropriate
> subscribe-nomail command to majordomo@postgresql.org so that your
> message can get through to the mailing list cleanly

--
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
   - Indira Gandhi