JSTL and Escaping Quotes (Newbie Question)

[DartmanX]

Can anyone advise me on how to escape quotes on variables passed from a
request variable via JSTL?

Currently, my code looks something like this:

<c:set var="user" value="${param.USER}" />
<c:set var="password" value="${param.PASSWORD}" />
<sql:query ...>
select * from users where user = ? and pass= ?
<sqlaram value="${user}" />
<sqlaram value="${password}" />
</sql:query>

Any help is always appreciated.

Jason

 

[Chris Smith]

Can anyone advise me on how to escape quotes on variables passed from a
request variable via JSTL?

Currently, my code looks something like this:

<c:set var="user" value="${param.USER}" />
<c:set var="password" value="${param.PASSWORD}" />
<sql:query ...>
select * from users where user = ? and pass= ?
<sqlaram value="${user}" />
<sqlaram value="${password}" />
</sql:query>

If you're talking about the SQL query, then you don't need to. The JDBC
driver will handle sending your parameters correctly. Whether that's
done by escaping quotes in your strings is up to the JDBC driver, but
the result will work somehow. You don't need to worry about it at all.

--
www.designacourse.com
The Easiest Way To Train Anyone... Anywhere.

Chris Smith - Lead Software Developer/Technical Trainer
MindIQ Corporation