插入记录时转义oracle sql序列是什么?
[英]what is the escape oracle sql sequence while inserting a record?
问题描述
I'm inserting a record in oracle database, where I'm taking values from a java bean. 
我在oracle数据库中插入一条记录,从Java bean中获取值。 It goes like this:: 它是这样的:
insert into allergy (patient_id, allergy, reaction) values(seq_patient.nextval, '" + bean.getPatient_allergy() + "', '"+ bean.getReaction()+"')";
But the values for allergy can gave an apostrophe which causes the sql to fail with ORA-00917: missing comma. 但是过敏值会引起撇号,导致sql因ORA-00917失败:缺少逗号。 is there any way to overcome this problem? 有什么办法可以克服这个问题?
3 个解决方案
解决方案1
5 已采纳 2011-09-21 15:31:43
Use parameterized statements instead of injecting variables into a query: 使用参数化语句,而不是将变量注入查询中:
http://download.oracle.com/javase/tutorial/jdbc/basics/prepared.html http://download.oracle.com/javase/tutorial/jdbc/basics/prepared.html
解决方案2
1 2011-09-21 15:32:48
It's better to use bind variables in preference to building your query as a string. 最好优先使用绑定变量 ,以将查询构建为字符串。
That'll take care of your problem. 这样可以解决您的问题。 It will also prevent SQL injection attacks (also, see Bobby Tables ). 它还将防止SQL注入攻击 (另请参阅Bobby Tables )。
Here is some info on how to use prepared statements and bind variables in Java: link . 这是一些有关如何在Java中使用预备语句和绑定变量的信息: link 。
解决方案3
0 2011-09-21 15:33:31
How about using parameterized query instead of assembling the INSERT command? 如何使用参数化查询而不是组装INSERT命令? Tha would also fix your current SQL Injection vulnerability. Tha还将修复您当前的SQL Injection漏洞。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.