I’m using an XML file as a database; it gets its entries from a MySQL database. To add a new entry, I have a page that takes a parameterized query for things like name, date, location, etc., and enters the data into the database provided the information is given in the proper format.
For example, when I want to put in the name, I encode it like this:
import java.net.URLEncoder;

String name = "Mark"; // Just for demonstration
String nameEn = URLEncoder.encode(name, "UTF-8"); // percent-encodes "," and "'" as %2C and %27; throws UnsupportedEncodingException (checked)
This is how I do preliminary sanitization. For extra protection, I’ve tried this after:
import android.net.UrlQuerySanitizer;

UrlQuerySanitizer sanitizer = new UrlQuerySanitizer();
sanitizer.setAllowUnregisteredParamaters(true); // spelled "Paramaters" in the Android API
sanitizer.parseUrl(url); // url being the full URL with its query parameters
However, sometimes it just doesn’t insert the new row. This happens when I use commas or apostrophes, so I guess it has something to do with sanitization.
What am I doing wrong? Thanks.
EDIT: more specific
I have a php file that will insert database entries with a parameterized query something like this:
www.example.com/newentry.php?name=thename&location=thelocation1
I want to concatenate the URL string together with thename and thelocation (taken as inputs), sanitized so they work in the URL. If I use something like a comma or an apostrophe, it fails to insert that entry because, and I’m assuming this, it isn’t sanitizing those inputs correctly.
You are looking in the wrong place for your error.
A URL containing "," or "'" is a valid one, so the problem must be on your server side. I guess you work with the $_GET["parameter"] values, so please make sure you do the necessary stuff like mysql_real_escape_string($_GET["parameter"]) before you try to insert these values into your database. For deeper knowledge, search for SQL injections. This might get you paranoid for free, too 🙂
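To show what "handle it on the server side" looks like for the newentry.php endpoint described in the question, here is an added example (not the asker's file or the answerer's code) of the insert done with a PDO prepared statement, so a name like "O'Brien, Mark" is bound as data and needs no escaping step at all. The table name `entries`, its columns and the DSN/credential placeholders are assumptions.

```php
<?php
// Added example: a server-side newentry.php that binds query-string values
// instead of concatenating them into SQL. Table `entries(name, location)`
// and the DSN/credentials are placeholders, not values from the question.
$pdo = new PDO(
    'mysql:host=localhost;dbname=DB_NAME_PLACEHOLDER;charset=utf8mb4',
    'DB_USER_PLACEHOLDER',
    'DB_PASS_PLACEHOLDER',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // surface failed inserts
        PDO::ATTR_EMULATE_PREPARES => false,                  // real server-side prepares
    ]
);

// PHP percent-decodes the query string before filling $_GET, so the value the
// client sent as "O%27Brien%2C+Mark" arrives here as "O'Brien, Mark".
$name     = $_GET['name']     ?? null;
$location = $_GET['location'] ?? null;
if ($name === null || $location === null || $name === '' || $location === '') {
    http_response_code(400);
    exit('missing name or location');
}

// The pattern that breaks on an apostrophe (the quote ends the SQL string early,
// MySQL reports a syntax error, and no row is inserted) and is also injectable:
//   $pdo->exec("INSERT INTO entries (name, location) VALUES ('$name', '$location')");

// Bound placeholders: commas and apostrophes are plain data inside the parameter,
// never part of the SQL text, so the row is inserted as typed.
$stmt = $pdo->prepare('INSERT INTO entries (name, location) VALUES (:name, :location)');
$stmt->execute([':name' => $name, ':location' => $location]);

echo 'inserted ' . $stmt->rowCount() . ' row';
```

The same bound-parameter approach applies if you later add the date and other fields the question mentions; each one gets its own placeholder rather than being spliced into the query text.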