Home/ Questions/Q 6136901
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T17:39:37+00:00

Is there any function or library which can be used to clean the user

  • 0

Is there any function or library which can be used to clean the user input. Like for example if the user input a text called baily's then i should escape the ' before sending it to mysql query. Similarly i should be able to filter null characters and \n, \t, \r etc.. Like in PHP we have mysql_real_escape_string($input) is there anything in Java to do this ?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    In Java, you don’t usually do this by hand.

    Instead you’ll use a PreparedStatement and pass in any arguments to your SQL statement via explicit setString() or setObject() methods.

    This way the JDBC driver will handle it (either by doing the necessary escaping or by sending the SQL statement separately form the arguments, depending on the DB).

    For example, your code could look like that (using prepareStatement()):

    Connection c = ...; // get Connection from somehwere
PreparedStatement stmt = c.prepareStatement("SELECT * FROM BOOKS WHERE TITLE = ?");
stmt.setString(1, userInput);
ResultSet result = stmt.executeQuery();
    • 0