在 SQL Server 的字符串常量中,用 '' 来转义出 ',如:
select '''','''''',char(39)
你最好用类似 replace 的函数把 ' 替换成 '',就没有问题了。
在 SQL Server 里,如:
select 'asdf''sdf' (没替换前)
select replace('asdf''sdf','''','''''') (替换后)
一般 insert 时你只要考虑 ' 号就可以了。注意:这种做法只适用于放在引号内的字符串值;更稳妥的做法是使用下文的 PreparedStatement 参数化写法。
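/**
 * Encodes a string for display as HTML text.
 *
 * <p>The signature is reconstructed from the call {@code toHTMLString(myValue)} and from the
 * body's use of {@code in}. The entity strings are restored as well: a listing that appends the
 * same character it just matched would be a no-op, and {@code """} does not compile.
 *
 * <p>This is output encoding for an HTML page. It is not SQL escaping and does not make a
 * concatenated SQL statement safe.
 *
 * @param in the text to encode; may be {@code null}
 * @return the encoded text, or an empty string when {@code in} is {@code null}
 */
public static String toHTMLString(String in) {
    // A local builder needs no synchronization, so StringBuilder replaces StringBuffer.
    StringBuilder out = new StringBuilder();
    if (in == null) {
        return out.toString();
    }
    for (int i = 0; i < in.length(); i++) {
        char c = in.charAt(i);
        switch (c) {
            case '\'':
                out.append("&#39;");
                break;
            case '"':
                out.append("&quot;");
                break;
            case '<':
                out.append("&lt;");
                break;
            case '>':
                out.append("&gt;");
                break;
            case '&':
                // Encoded per character, so entities produced above are never re-encoded.
                out.append("&amp;");
                break;
            case ' ':
                out.append("&nbsp;");
                break;
            case '\n':
                out.append("<br/>");
                break;
            default:
                out.append(c);
        }
    }
    return out.toString();
}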
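// HTML-encode the value before storing it. This is an output-encoding step for rendering in a
// page; it is not what protects the SQL statement.
myValue = toHTMLString(myValue);
// Bind the value as a parameter instead of concatenating it into the statement text, so the
// driver never parses it as SQL regardless of which characters it contains.
String sql1 = "insert into table1(col1)values(?)";
PreparedStatement stmt = con.prepareStatement(sql1);
try {
    stmt.setString(1, myValue);
    stmt.executeUpdate();
} finally {
    // Release the statement even when the insert fails.
    stmt.close();
}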
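// Parameterized insert: the value is sent as a bound parameter, so quotes and other special
// characters in myValue need no escaping and cannot change the statement.
PreparedStatement st = null;
String strSqlClause = "insert into table1(col1)values(?)";
try {
    st = _conn.prepareStatement(strSqlClause);
    st.setString(1, myValue);
    // An INSERT produces no ResultSet; executeQuery() is specified to throw SQLException in
    // that case, so executeUpdate() is the correct call here.
    st.executeUpdate();
} finally {
    // Close the statement on every path so it is not leaked when the insert fails.
    if (st != null) {
        st.close();
    }
}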
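/**
 * Replaces every occurrence of {@code oldStr} in {@code originalStr0} with {@code newStr}.
 *
 * <p>The signature is reconstructed from the call {@code replace(myValue,"'","''")} and from the
 * parameter names the body uses.
 *
 * <p>Delegates to {@link String#replace(CharSequence, CharSequence)}. The earlier hand-rolled
 * loop appended {@code oldStr} as a sentinel, which could match across the boundary and drop
 * trailing characters (for example {@code "aaa"} with {@code "aa"}). It also never terminated
 * when {@code oldStr} was empty.
 *
 * @param originalStr0 the text to search; may be {@code null}
 * @param oldStr the literal text to look for
 * @param newStr the literal replacement text
 * @return {@code null} when {@code originalStr0} is {@code null}; {@code originalStr0} unchanged
 *     when {@code oldStr} or {@code newStr} is {@code null} or {@code oldStr} is empty;
 *     otherwise the text with all non-overlapping occurrences replaced, scanning left to right
 */
public static String replace(String originalStr0, String oldStr, String newStr) {
    if (originalStr0 == null) {
        return null;
    }
    if (oldStr == null || newStr == null) {
        return originalStr0;
    }
    // An empty search string has nothing to replace; returning early also avoids the endless
    // loop the manual scan ran into.
    if (oldStr.length() == 0) {
        return originalStr0;
    }
    return originalStr0.replace(oldStr, newStr);
}
// Usage: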
// Double every single quote: '' is SQL Server's escape for a quote inside a string literal.
myValue=replace(myValue,"'","''");
// NOTE(review): the statement is still assembled by string concatenation. Quote doubling only
// covers a value placed inside a quoted literal, and it has to be applied at every call site.
// The PreparedStatement form shown earlier on this page binds the value and needs no escaping.
String sql1 = "insert into table1(col1)values('"+ myValue +"')";
再执行生成的SQL语句就可以了。