Most elegant way to escape the apostrophes?

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Most elegant way to escape the apostrophes?

laredotornado
Hi,

I'm using ibatis 2.3 with Tomcat 6.0.26, Java 1.6, MS Sql Server
2005.  I have this in my ibatis config file ...

                                <isNotEmpty property="keyword"
prepend="and">
                                        (name like '%$keyword$%' OR

So obviously, "$keyword$" just gets inserted as is.  However, if it
has a "'" (apostrophe) in it, the query fails.  So I tried doing this
in my Java bean method which gets used to populate the field ...

        public String getKeyword() {
                if (keyword != null) {
                        return keyword.replaceAll("'", "''");
                } else {
                        return null;
                }
        }

However, now if other parts of my Java application call
"getKeyword()", they get skewed results.  What is a better way to
handle the escaping of the apostrophe ?  Thanks, - Dave
Reply | Threaded
Open this post in threaded view
|

Re: Most elegant way to escape the apostrophes?

Larry Meadors
Don't. :)

<isNotEmpty property="keyword" prepend="and">
  (name like '%' + #keyword# + '%' OR

Larry


On Wed, Oct 6, 2010 at 3:03 PM, laredotornado <[hidden email]> wrote:

> Hi,
>
> I'm using ibatis 2.3 with Tomcat 6.0.26, Java 1.6, MS Sql Server
> 2005.  I have this in my ibatis config file ...
>
>                                <isNotEmpty property="keyword"
> prepend="and">
>                                        (name like '%$keyword$%' OR
>
> So obviously, "$keyword$" just gets inserted as is.  However, if it
> has a "'" (apostrophe) in it, the query fails.  So I tried doing this
> in my Java bean method which gets used to populate the field ...
>
>        public String getKeyword() {
>                if (keyword != null) {
>                        return keyword.replaceAll("'", "''");
>                } else {
>                        return null;
>                }
>        }
>
> However, now if other parts of my Java application call
> "getKeyword()", they get skewed results.  What is a better way to
> handle the escaping of the apostrophe ?  Thanks, - Dave
>