Tutorial: How do I handle special characters in a Java PreparedStatement?


In the following SQL query using the PreparedStatement class:

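    String query_descrip = "insert into timitemdescription (itemkey, languageid, longdesc, shortdesc) values (?, 1033, ?,?)";
    PreparedStatement pstmt2 = con.prepareStatement(query_descrip);
    pstmt2.setInt(1, rs4);
    // Values bound as parameters are sent as data, so quotes need no escaping.
    pstmt2.setString(2, itemdescription);
    // Guard the cut: substring(0,39) throws if the description is shorter than 39 characters.
    pstmt2.setString(3, itemdescription.substring(0, Math.min(39, itemdescription.length())));
    pstmt2.executeUpdate();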

I sometimes get apostrophes and single and double quotes in my item descriptions. For example, my latest issue with one item is a "Planar 22" monitor". Of course, the string was misinterpreted and thought the description value was just "Planar 22". What is the best way to handle special characters in a string?

I've read that some people are using regex, however these seemed to be specific to a case by case basis. Another way I'm working on is reading the string array character by character. I was hoping there was a more efficient and less resource-intensive way of doing this.

UPDATE: After some more extensive testing, it turns out there were more problems occurring in my code. It was also a URL encoding problem. When the HTML form was being populated by the JSP code, it would try to move the description field to an online form, and it truncates it there on the form rather than on the query. jTDS also corrected the problem receiving the special characters. Because jTDS is a jar, it also helped avoid rebooting the machine. I will award the jTDS thread the bounty since that was what I partially used.

Thanks in advance


Since you are using PreparedStatement, you don't have to do anything at all, it will be handled for you by the JDBC driver. The only thing you have to look out for is non-ASCII characters, specifically you have to make sure the DB tables use an encoding for textual columns that can handle all characters you're going to use. But that's an SQL issue, not a Java issue.


You don't need to handle those characters specially if you're binding them as parameters to a PreparedStatement, as you are doing. That's one of the main benefits of the prepared-statement approach.


Like the others have said, you do not have to do anything to handle the special characters. You need to try a different JDBC driver.

Try using the jTDS driver and see if it helps you with your PreparedStatement. It is an open source database driver for SQL Server. I use it at work now and it works like a champ and actually conforms to the JDBC specification unlike the MS driver.


I'm fairly certain the problem isn't with the code you posted. To help troubleshoot:

  1. Have you tried running the code snippet above in a debugger? What's the value of "itemdescription" before you pass it to the database call?
  2. How are you actually verifying the value in the database? Is this more Java code? Or are you looking at it with SQLCMD or something like that?
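
Added example, not part of the original thread or any poster's code: it shows one way a description can be cut at the quote in the HTML form before it ever reaches the PreparedStatement, and how escaping the attribute value prevents that. The form markup, the field name and the helpers `escapeAttr` and `submittedValue` are assumptions made for illustration; the thread does not show the JSP.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class FormValueDemo {
    // Escape the characters that can end or alter a double-quoted HTML attribute.
    static String escapeAttr(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Simplified stand-in for the browser (hypothetical helper): read
    // value="..." up to the first closing quote, then decode the entities
    // that escapeAttr produces. "&amp;" is decoded last to avoid double decoding.
    static String submittedValue(String inputTag) {
        Matcher m = Pattern.compile("value=\"([^\"]*)\"").matcher(inputTag);
        if (!m.find()) {
            return null;
        }
        return m.group(1)
                .replace("&quot;", "\"").replace("&#39;", "'")
                .replace("&lt;", "<").replace("&gt;", ">")
                .replace("&amp;", "&");
    }

    public static void main(String[] args) {
        // Constructed sample based on the description quoted in the question.
        String itemdescription = "Planar 22\" monitor";

        // Assumed markup: the page writes the value straight into an attribute.
        String raw  = "<input name=\"longdesc\" value=\"" + itemdescription + "\">";
        String safe = "<input name=\"longdesc\" value=\"" + escapeAttr(itemdescription) + "\">";

        // This is the string that would later be passed to pstmt2.setString(...).
        System.out.println("unescaped form value: [" + submittedValue(raw) + "]");
        System.out.println("escaped form value:   [" + submittedValue(safe) + "]");
    }
}
```

Logging the value on the server just before the `setString` call, as the last answer suggests, tells you whether the truncation happened in the form or in the database layer.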
