List:General Discussion« Previous MessageNext Message »
From:Tõnu Samuel Date:July 5 1999 3:41pm
Subject:Re: Problem (char ') in a UPDATE...
View as plain text  
Eric Choley wrote:
> 
> I see what you mean Samuel but when you send to the database (by a form on
> internet and a servlet writting in Java) a text with 60000 chars (for
> example), my servlet has to read char by char the text and if the char

It's wrong programming practice if you are reading char by char. You
must read by long blocks. Every read generates interrupt and this takes
time. 

> analysed is a ' I change it with a \'.... it will be very long !! and in
> the same way, when I executeQuery, I have to change the \' in '....
> oulalala !!!!! Three hours after the page appear  ?!?! Is there nothing
> else similary to ' to do the same think ('All my texte with 60000 char and
> a f.... ' and the end of my text with').

Cool down :). If you use right techniques, it does not take 3 hours even
on 386 class computer. If you do, then something must be wrong with your
program. All SQL-s need escaping in this case. And you dont have make
reverse de-escaping you concerned about. 
 
> My line in my java servlet:
> executeUpdate("update myTable set dbText='" + myStringText + "' where
> dbSomething='Something'");

It must be something like

executeUpdate("update myTable set dbText='" + dbEscape( myStringText ) +
"' where dbSomething='Something'");

but don't know about Java. In pure C there is API call
mysql_escape_string(). Read the manual chapter
http://mysql.mirror.ok.ee/Manual_chapter/manual_Clients.html#mysql_escape_string


-- 

+---------------------------------------------------------------------+
| TcX  ____  __     _____   _____  ___                                |
|     /*/\*\/\*\   /*/ \*\ /*/ \*\ |*|       Tõnu Samuel              |
|    /*/ /*/ /*/   \*\_   |*|   |*||*|       mailto: tonu@stripped   |
|   /*/ /*/ /*/\*\/*/  \*\|*|   |*||*|       Tallinn                  |
|  /*/     /*/  /*/\*\_/*/ \*\_/*/ |*|_____  Estonia                  |
|  ^^^^^^^^^^^^/*/^^^^^^^^^^^\*\^^^^^^^^^^^                           |
|             /*/             \*\                   Developers Team   |
+---------------------------------------------------------------------+
Thread
Problem (char ') in a UPDATE...Eric Choley5 Jul
  • Re: Problem (char ') in a UPDATE...Tõnu Samuel5 Jul
  • RE: Problem (char ') in a UPDATE...Bill Gerrard5 Jul
  • Re: Problem (char ') in a UPDATE...Clyde Smith-Stubbs6 Jul