I have a form in JSP, and if someone enters a special character (like a single quote ') in a text field (e.g. L'orel) and submits it, it gives an error. I know this is a special character conflict, but how can I override special characters when submitting a form through Java? Is there any way to submit such data in SQL?
One thing to note here is that if there are 10 text boxes in a form, we don't know in which text box the user will enter a special character.

Does anyone have any idea how this would be possible?


Use a stored procedure that will accept parameters to insert into a table.

It sounds like you are doing inserts manually through code, and you will be more subject to SQL injection attacks.

Thanks for the reply. Could you please give me some example of any such procedure?
And I couldn't understand why it is vulnerable to SQL injection attacks. Basically, I am using the Struts framework, where the JSP is for the presentation part (here I have this form) and a servlet (action) is used for performing the action after submitting the JSP page.

Thanks once again.
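
An added example, not code from any poster in this thread: it puts the string-built insert that breaks on L'orel beside an insert that binds each field as a parameter, which is the property the stored-procedure suggestion relies on. It uses a JDBC `PreparedStatement` rather than a stored procedure; a procedure called through `CallableStatement` binds its parameters the same way. Assumptions: a two-column `customer` table, the class and method names, the sample city value, and an H2 in-memory database with its driver on the classpath.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class FormInsertDemo {

    // Unsafe: form values are pasted into the SQL text, so a quote in any
    // field ends the string literal early and changes the statement.
    static void insertConcatenated(Connection con, String name, String city) throws SQLException {
        String sql = "INSERT INTO customer (name, city) VALUES ('" + name + "', '" + city + "')";
        try (Statement st = con.createStatement()) {
            st.executeUpdate(sql);
        }
    }

    // Safe: the SQL text is fixed and every field is bound as data, so it
    // does not matter which text box contains the special character.
    static void insertParameterized(Connection con, String name, String city) throws SQLException {
        String sql = "INSERT INTO customer (name, city) VALUES (?, ?)";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, name);
            ps.setString(2, city);
            ps.executeUpdate();
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: H2 in-memory database (hypothetical table, constructed city value).
        try (Connection con = DriverManager.getConnection("jdbc:h2:mem:demo");
             Statement st = con.createStatement()) {
            st.execute("CREATE TABLE customer (name VARCHAR(100), city VARCHAR(100))");
            try {
                insertConcatenated(con, "L'orel", "Paris");
            } catch (SQLException e) {
                System.out.println("Concatenated SQL failed: " + e.getMessage());
            }
            insertParameterized(con, "L'orel", "Paris");
            try (ResultSet rs = st.executeQuery("SELECT name, city FROM customer")) {
                while (rs.next()) {
                    System.out.println(rs.getString(1) + " / " + rs.getString(2));
                }
            }
        }
    }
}
```

In a Struts action, the values read from the form bean go straight into the `setString` calls, with no escaping or quote handling in the action code.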