Eric Choley wrote:
>
> I see what you mean Samuel but when you send to the database (by a form on
> internet and a servlet written in Java) a text with 60000 chars (for
> example), my servlet has to read char by char the text and if the char
It's wrong programming practice if you are reading char by char. You
must read in long blocks. Every read generates an interrupt and this takes
time.
> analysed is a ' I change it with a \'.... it will be very long !! and in
> the same way, when I executeQuery, I have to change the \' in '....
> oulalala !!!!! Three hours after the page appear ?!?! Is there nothing
> else similar to ' to do the same thing ('All my text with 60000 char and
> a f.... ' and the end of my text with').
Cool down :). If you use the right techniques, it does not take 3 hours even
on a 386 class computer. If it does, then something must be wrong with your
program. All SQL needs escaping in this case. And you don't have to do the
reverse de-escaping you are concerned about.
> My line in my java servlet:
> executeUpdate("update myTable set dbText='" + myStringText + "' where
> dbSomething='Something'");
It must be something like
executeUpdate("update myTable set dbText='" + dbEscape( myStringText ) +
"' where dbSomething='Something'");
but I don't know about Java. In pure C there is the API call
mysql_escape_string(). Read the manual chapter
http://mysql.mirror.ok.ee/Manual_chapter/manual_Clients.html#mysql_escape_string
--
Tõnu Samuel, TcX Developers Team
mailto: tonu@stripped
Tallinn, Estonia
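An added example, not code from this thread, showing the two points of the reply in Java: reading the posted text in blocks, and a hypothetical dbEscape() that escapes the same characters mysql_escape_string() does (the server strips the backslashes when it parses the literal, so nothing needs to be reversed on read). It also shows the JDBC PreparedStatement form, assumed available in the servlet, which avoids splicing the text into the SQL at all; the table and column names are taken from the quoted servlet line.

```java
import java.io.IOException;
import java.io.Reader;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class DbTextUpdate {
    // Read the request body in 8 KB blocks rather than one char at a time.
    static String readAll(Reader in) throws IOException {
        StringBuilder sb = new StringBuilder();
        char[] buf = new char[8192];
        int n;
        while ((n = in.read(buf)) != -1) {
            sb.append(buf, 0, n);
        }
        return sb.toString();
    }

    // Hypothetical dbEscape: one pass over the text, escaping the characters
    // mysql_escape_string() escapes. The server removes the backslashes when
    // it parses the string literal, so no reverse step is needed on query.
    static String dbEscape(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '\0':  sb.append("\\0");  break;
                case '\n':  sb.append("\\n");  break;
                case '\r':  sb.append("\\r");  break;
                case 0x1a:  sb.append("\\Z");  break; // Ctrl-Z
                case '\\':  sb.append("\\\\"); break;
                case '\'':  sb.append("\\'");  break;
                case '"':   sb.append("\\\""); break;
                default:    sb.append(c);
            }
        }
        return sb.toString();
    }

    // Preferred with JDBC: a '?' placeholder, so the text is never part of
    // the SQL string and the driver does the quoting itself.
    static int updateDbText(Connection conn, String text, String key) throws SQLException {
        String sql = "update myTable set dbText=? where dbSomething=?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, text);
            ps.setString(2, key);
            return ps.executeUpdate();
        }
    }
}
```

With dbEscape(), the quoted servlet line becomes executeUpdate("update myTable set dbText='" + dbEscape(myStringText) + "' where dbSomething='Something'"); with updateDbText() the concatenation disappears entirely.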