0

I have a form in jsp and if someone enters special character (like single quote ') in text field (ex L'orel) and submit, it gives a error. I know this is a special character conflict, but how can I override special characters by submitting a form through JAVA. Is there any way to submit such data in sql?
One thing to be noticed here is that if there are 10 text boxes in a form, we don't know in which text box user will enter special character.

Does anyone has any idea how it will be possible.

Thanks,

2
Contributors
2
Replies
3
Views
9 Years
Discussion Span
Last Post by mantoo
0

use a stored procedure that will accept parameters to insert into a table

It sounds like you are doing inserts manually through code and you will be more subjected to sql injectection attacks

0

Thanks for the reply. Could you please give me some example of any such procedure?
And I couldn't understand why it is vulnerable to sql injection attacks. Basically I am using struts framework, where JSP is for presentation part(Here I have this form) and servlet(action) is used for doing action after submitting jsp page.

Thanks once again.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.