堆栈内存溢出
  简体   繁体   English

如何在MySQL和Java中转义引号“”字符

[英]How to escape quotes “” characters in MySQL and Java

 原文  2009-12-10 01:06:05       java/ mysql

问题描述

How can we escape quotes "" characters in Java and MySQL? 我们怎样才能逃避Java和MySQL中的quotes ""

An incoming XML file has quotes, and I am parsing through that file using Java. 传入的XML文件有引号,我使用Java解析该文件。 So I want to escape the quotes here, but in the database it should contain quotes. 所以我想在这里转义引号,但在数据库中它应该包含引号。 When I am doing a query the result would have quotes. 当我进行查询时,结果会有引号。 While displaying on a webpage it should also show quotes. 在网页上显示时,它还应显示引号。

5 个解决方案

解决方案1
 11 已采纳  2009-12-10 02:48:09

Let me try and understand... 让我试着理解......

The incoming file has quotes in it. 传入的文件中包含引号。 You want to send it to a database. 您想将其发送到数据库。 When you get it back from the database then you still want those quotes to be there. 当你从数据库中取回它然后你仍然希望那些引号存在。

So is it just to/from the database that you are having your issue? 那么,您是否正在从数据库中获取您的问题?

If so then I highly suspect you are doing something on the order of: (I'm wrapping it in a disclaimer to keep the unsuspecting from misunderstanding and cutting/pasting into their own applications. ;)) 如果是这样,那么我非常怀疑你是按照以下顺序做的事情:(我将其包含在免责声明中,以防止误解和切割/粘贴到他们自己的应用程序中。;))

Bad - do not do this 不好 - 不要这样做 

String sql = "insert into foo (bar,baz) values(" +myValue1 + ", " + myValue2 + ")";
Statement stmt = connection.createStatement();
stmt.executeUpdate(sql);

Bad - do not do that 不好 - 不要那样做

If so then you should really be using prepared statement's parameters at a minimum. 如果是这样,那么你应该至少使用预准备语句的参数。 a) you will be less vulnerable to malicious garbage deleting all of your tables, and b) you will not have any escaping problems. a)您将不那么容易被恶意垃圾删除所有表格,并且b)您将不会有任何逃避问题。 

String sql = "insert into foo (bar, baz) values( ?, ? )";
PreparedStatement stmt = connection.prepareStatement(sql);
stmt.setString(1, myValue1);
stmt.setString(2, myValue2);
stmt.executeUpdate();

Note that it's also safer in the case of things like CLOBs and the specifics of different database implementations (I'm thinking of you, Oracle >)) 请注意,对于像CLOB这样的事情以及不同数据库实现的具体情况,它也更安全(我在想你,Oracle>))

If it is some other kind of escaping, that is, to/from XML or to/from HTML then that's different, but it is well documented all over the web. 如果它是某种其他类型的转义,即来自XML或来自HTML,那么这是不同的,但它在整个网络上都有很好的文档记录。

Or provide some example code if I'm totally off base. 或者提供一些示例代码,如果我完全偏离基础。

解决方案2
 3  2009-12-10 01:06:53

几乎任何东西的典型转义字符都是反斜杠\\

解决方案3
 3  2009-12-10 01:07:20

You should use: 你应该使用: 

\"

​​​​​​​​​​​​

解决方案4
 2  2009-12-10 01:08:24

Anything (OK, not anything), but most characters use 任何东西(好的,不是什么),但大多数角色都使用 

 \

as the escape character. 作为逃脱角色。

解决方案5
 0  2009-12-10 01:15:07

The obvious (and best) thing to do is what everyone else suggested. 显而易见(也是最好)的事情是其他人建议的。 A goofy alternative is to put the double quote inside a single quote: 一个愚蠢的选择是将双引号放在单引号中: 

String quotedText = '"' + "A quick brown fox..." + '"';

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在Java中的MySQL语句中转义引号 - How to escape quotes in a MySQL statement in Java 如何在Java中转义引号 - How to escape quotes in Java 如何在Java中转义转义字符 - how to escape escape characters in Java 如何在Java中转义“\”字符 - How to escape “\” characters in Java 如何在Java中转义某些字符 - How to escape certain characters in java 如何HTML转义Java字符串中的卷曲引号 - How To HTML Escape Curly Quotes in a Java String 如何动态转义Java中的JSON中的双引号 - How to escape double quotes in a JSON in Java dynamically 如何在 Java 中从 jsonString 的引号内转义引号 - how to escape quotes inside quotes from jsonString in Java Java中的字符串中的转义引号 - Escape quotes in a String in Java 如何在Java中将转义字符作为文本读取? - How to read escape characters as text in Java?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM