If I have a string that looks like this: This is a string with

Question

0

Asked: May 17, 20262026-05-17T00:20:41+00:00 2026-05-17T00:20:41+00:00

If I have a string that looks like this: This is a string with

0

If I have a string that looks like this:

This is a string
with single quotes ' all over
the ' place as well as
return characters

How would I convert this to a string that can be used in an INSERT statement?

INSERT INTO MyTable VALUES ('<the above string>');

The string above has the problems that it has return characters as well as single quotes which would mess up the validity of the INSERT statement above.

Edit: Sorry I probably should have been more clear. I’m generating a SQL Script with INSERT statements, not executing SQL within a Java app.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-17T00:20:42+00:00

Editorial Team

2026-05-17T00:20:42+00:00Added an answer on May 17, 2026 at 12:20 am

I’m generating a SQL Script with INSERT statements, not executing SQL within a Java app.

In that case, you’ll have to generate an “escaped” version of the String. To do so, I’d suggest using the ESAPI library from the OWASP project (if possible). See Defense Option 3: Escaping All User Supplied Input for more details.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

If I have a string that looks like this: This is a string with

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply