We’re using JdbcTemplate to modify our underlying Oracle database. We’re doing this by way of the update(String sql) method.
The code looks somewhat like the following:
String name = "My name's yellow";
String sql = "update FIELD set NAME = '" + name + "' where ID = 10";
jdbcTemplate.update(sql);
This causes the error:
java.sql.SQLException: ORA-00933: SQL command not properly ended
The problem is the unescaped ' in the name variable.
What’s the most convenient and correct way to escape this character?
Use PreparedStatement. That way you nominate a placeholder and the JDBC driver will perform this correctly by sending the database the statement, plus the parameters as arguments.
The question marks in the above represent the placeholders.
Because these values get passed as parameters, you don’t have problems with quoting, and it protects you against SQL injection too.
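A complete version of what the answer describes, written here as an added example and not taken from the answer or from Spring's own documentation. It assumes an in-memory H2 database in place of the Oracle instance from the question (so it runs offline; the `JdbcTemplate` calls are the same against Oracle, only the `DataSource` differs) and a `FIELD` table with `ID` and `NAME` columns as in the question. It runs the update with a `?` placeholder for the apostrophe case, then with a hostile value that would have rewritten the statement under concatenation, and finally retries the concatenated statement to show it still fails:

```java
import javax.sql.DataSource;
import org.springframework.dao.DataAccessException;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.datasource.DriverManagerDataSource;

public class PlaceholderUpdate {

    // Assumption for this example: an in-memory H2 database stands in for the
    // Oracle database from the question so the code can run offline.
    static DataSource inMemoryDataSource() {
        DriverManagerDataSource ds = new DriverManagerDataSource();
        ds.setDriverClassName("org.h2.Driver");
        ds.setUrl("jdbc:h2:mem:fielddb;DB_CLOSE_DELAY=-1");
        ds.setUsername("sa");
        ds.setPassword("");
        return ds;
    }

    // The safe form of the update from the question. Each '?' is a bind
    // placeholder; the values are sent to the database as parameters, never
    // spliced into the SQL text, so quoting is not an issue.
    static int renameField(JdbcTemplate jdbcTemplate, long id, String name) {
        return jdbcTemplate.update("update FIELD set NAME = ? where ID = ?", name, id);
    }

    static String readName(JdbcTemplate jdbcTemplate, long id) {
        return jdbcTemplate.queryForObject(
                "select NAME from FIELD where ID = ?", String.class, id);
    }

    public static void main(String[] args) {
        JdbcTemplate jdbcTemplate = new JdbcTemplate(inMemoryDataSource());
        // Constructed sample data: two rows so we can see that only ID 10 changes.
        jdbcTemplate.execute("create table FIELD (ID bigint primary key, NAME varchar(100))");
        jdbcTemplate.update("insert into FIELD (ID, NAME) values (?, ?)", 10L, "ten");
        jdbcTemplate.update("insert into FIELD (ID, NAME) values (?, ?)", 11L, "eleven");

        // 1. The apostrophe from the question: no escaping, no ORA-00933.
        String name = "My name's yellow";
        int rows = renameField(jdbcTemplate, 10L, name);
        System.out.println(rows + " row(s) updated; NAME of 10 is now: " + readName(jdbcTemplate, 10L));

        // 2. Hostile input. Concatenated, this would produce
        //    update FIELD set NAME = 'x' where '1'='1' --' where ID = 10
        //    and rename every row. As a bound parameter it is just a string.
        String hostile = "x' where '1'='1' --";
        rows = renameField(jdbcTemplate, 10L, hostile);
        System.out.println(rows + " row(s) updated; stored verbatim: "
                + hostile.equals(readName(jdbcTemplate, 10L))
                + "; row 11 untouched: " + "eleven".equals(readName(jdbcTemplate, 11L)));

        // 3. The concatenated statement from the question still breaks on the
        //    apostrophe (H2 reports its own syntax error where Oracle says ORA-00933).
        try {
            jdbcTemplate.update("update FIELD set NAME = '" + name + "' where ID = 10");
        } catch (DataAccessException e) {
            System.out.println("concatenation failed as expected: " + e.getMessage());
        }
    }
}
```

Step 2 is the point of the answer's last sentence: the driver binds the parameter separately from the statement text, so an apostrophe, a `--`, or a second `where` in the value cannot change which rows the statement touches. Running it needs spring-jdbc and the H2 driver on the classpath; against Oracle, swap the `DataSource` and drop the `create table`.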