luka032 luka032 - 11 days ago 8
SQL Question

Escaping " in Java SQL query

How could I use

"
inside String using Java?


Example:

String query = "SELECT * FROM students WHERE name = \" " + sName + " \" ";


When I try this, while debugging my query variable has value with \" literally.

I'm trying to write SQL query with MySQL in Servlet.

Answer

Perhaps you should use single quotes. That is the standard in SQL:

String query = "SELECT * FROM students WHERE name = '" + sName + "'";

In any case, you should be using parameterized queries and not munging the query string query parameters.

Comments