An example of this arises when you want to issue the following SQL command:
SELECT * FROM BIRDS
WHERE SPECIES='Williamson's Sapsucker'
In this case, the apostrophe in "Williamson's" is going to cause a problem for the database because SQL will interpret it as a string delimiter. It is not good enough to use the C-style escape \', because that substitution would be made by the Java compiler before the string is sent to the database.
Different flavors of SQL provide different methods to deal with this situation. JDBC abstracts these methods and provides a solution that works for all databases. With JDBC you could write the SQL as follows:
// connection is an open java.sql.Connection
Statement statement = connection.createStatement();
statement.executeQuery(
    "SELECT * FROM BIRDS WHERE SPECIES='Williamson/'s Sapsucker' {escape '/'}");
The clause in curly braces, namely {escape '/'}, is special syntax used to inform JDBC drivers what character the programmer has chosen as an escape character. The forward slash used as the SQL escape has no special meaning to the Java compiler; this escape sequence is interpreted by the JDBC driver and translated into database-specific SQL before the SQL command is issued to the database.
Another solution: use PreparedStatement
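The PreparedStatement alternative named above, as an added example (not code from the original article): the species value is bound with setString, so its apostrophes never become part of the SQL text and no escape character is needed. The class name BirdLookup, its helper methods, the JDBC URL passed in args[0] and the scratch BIRDS table it creates are assumptions.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class BirdLookup {

    // Counts rows whose SPECIES equals the given value. The value is bound as a
    // parameter, so apostrophes in it are data and never part of the SQL text.
    static int countBySpecies(Connection conn, String species) throws SQLException {
        String sql = "SELECT COUNT(*) FROM BIRDS WHERE SPECIES = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, species);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    // Inserts one row, again passing the value as a bound parameter.
    static void insertSpecies(Connection conn, String species) throws SQLException {
        String sql = "INSERT INTO BIRDS (SPECIES) VALUES (?)";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, species);
            ps.executeUpdate();
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: args[0] is a JDBC URL for a scratch database whose driver is
        // on the classpath, e.g. an in-memory H2 URL such as jdbc:h2:mem:birds.
        try (Connection conn = DriverManager.getConnection(args[0])) {
            try (Statement ddl = conn.createStatement()) {
                ddl.executeUpdate("CREATE TABLE BIRDS (SPECIES VARCHAR(64))");
            }
            // Constructed sample values containing one and several apostrophes.
            String[] samples = { "Williamson's Sapsucker", "Steller's 'Blue' Jay" };
            for (String s : samples) {
                insertSpecies(conn, s);
            }
            for (String s : samples) {
                System.out.println(s + " -> " + countBySpecies(conn, s) + " row(s)");
            }
        }
    }
}
```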