From: Ronald Klop (Mailing List)
Date: November 4 2011 12:22pm
Subject: escaping in a non-prepared query
List-Archive: http://lists.mysql.com/java/9340
Message-Id: <1186877837.32.1320409339640.JavaMail.tomcat@localhost>

Hello,

In my application I have a query which is very hard to rewrite to a PreparedStatement for legacy reasons.
Is there some method so I can do the right escaping by hand?

    query = "SELECT * FROM foo WHERE bar = '" + MySQLUtils.escapeString("bla") + "'";

Something like that.

Thanks in advance,

Ronald.
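
A hand-written escaper of the kind the message asks about, as an added example that is not part of the original post and not Connector/J code. The class `MySqlLiteral` and its `quote` method are hypothetical names; it escapes the same characters as the C API's `mysql_real_escape_string` and assumes sql_mode without NO_BACKSLASH_ESCAPES and a connection character set (such as utf8mb4 or latin1) in which no multi-byte character contains the byte 0x5C.

```java
import java.util.Objects;

/** Hypothetical helper (not a Connector/J class): quotes a value as a MySQL string literal. */
public final class MySqlLiteral {
    private MySqlLiteral() {}

    /**
     * Assumptions: sql_mode does not include NO_BACKSLASH_ESCAPES, and the
     * connection character set (e.g. utf8mb4, latin1) has no multi-byte
     * character containing the byte 0x5C. Outside those assumptions this is not safe.
     */
    public static String quote(String value) {
        Objects.requireNonNull(value, "use IS NULL in the SQL text for null values");
        StringBuilder out = new StringBuilder(value.length() + 16);
        out.append('\'');
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case 0x00: out.append("\\0");  break; // NUL
                case '\n': out.append("\\n");  break;
                case '\r': out.append("\\r");  break;
                case 0x1A: out.append("\\Z");  break; // Ctrl-Z
                case '\\': out.append("\\\\"); break; // must be escaped, or a trailing
                                                      // backslash swallows the closing quote
                case '\'': out.append("\\'");  break;
                case '"':  out.append("\\\""); break;
                default:   out.append(c);
            }
        }
        return out.append('\'').toString();
    }

    public static void main(String[] args) {
        // Constructed sample values, including quote and trailing-backslash edge cases.
        String[] samples = { "bla", "O'Reilly", "C:\\temp\\", "line1\nline2" };
        for (String s : samples) {
            System.out.println("SELECT * FROM foo WHERE bar = " + quote(s));
        }
    }
}
```

This covers string literals only: identifiers, numeric contexts and LIKE wildcards (`%`, `_`) need separate handling, and a PreparedStatement removes the dependence on server mode and character set wherever the query can be rewritten.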