Saving values in UPPERCASE in a database

Discussion in 'Java' started by Rune Runnestø, May 2, 2005.

  1. Hi,

    When connecting to a database from a JSP-file, I write for instance:
    sql = "insert into person values(" + newNr + ", '" + forName + "', '" +
    lastName + "')";

    Statement stmt = null;
    stmt.executeUpdate(sql);

    The question is: How do I write the sql-sentence if I want to save the
    variables in the database in UPPERCASE ?

    Regards
    Rune
     
    Rune Runnestø, May 2, 2005
    #1
    1. Advertising

  2. Rune Runnestø

    Malte Guest

    Rune Runnestø wrote:
    > Hi,
    >
    > When connecting to a database from a JSP-file, I write for instance:
    > sql = "insert into person values(" + newNr + ", '" + forName + "', '" +
    > lastName + "')";
    >
    > Statement stmt = null;
    > stmt.executeUpdate(sql);
    >
    > The question is: How do I write the sql-sentence if I want to save the
    > variables in the database in UPPERCASE ?
    >
    > Regards
    > Rune
    >
    >


    In a small test window I did this:

    create table strtest (test varchar2(64));


    insert into strtest values (upper('test'));
    insert into strtest values ('test');

    commit;
    select * from strtest;

    Result:

    TEST
    test

    drop table strtest;

    You could also, of course, uppercase the String objects BEFORE you pass
    them to the database.
     
    Malte, May 2, 2005
    #2
    1. Advertising

  3. Rune Runnestø

    Malte Guest

    Malte wrote:
    > Rune Runnestø wrote:
    >
    >> Hi,
    >>
    >> When connecting to a database from a JSP-file, I write for instance:
    >> sql = "insert into person values(" + newNr + ", '" + forName + "', '" +
    >> lastName + "')";
    >>
    >> Statement stmt = null;
    >> stmt.executeUpdate(sql);
    >>
    >> The question is: How do I write the sql-sentence if I want to save the
    >> variables in the database in UPPERCASE ?
    >>
    >> Regards
    >> Rune
    >>


    BTW, connection to the database from the JSP could be constructed as a
    poor design. I believe that many people would stick their database code
    into a bean of sorts.
     
    Malte, May 2, 2005
    #3
  4. Rune Runnestø

    Chris Uppal Guest

    Rune Runnestø wrote:

    > sql = "insert into person values(" + newNr + ", '" + forName + "', '" +
    > lastName + "')";


    Unless "forName" and "lastName" come from a guaranteed safe source (i.e. /NOT/
    a user typing it in, and definitely not anything on the Web), then this opens
    up a potentially very serious security hole. If you don't understand what I'm
    talking about then Google for "SQL injection attack".

    -- chris
     
    Chris Uppal, May 2, 2005
    #4
  5. On 02.05.2005 14:01 Rune Runnestø wrote:

    > Hi,
    >
    > When connecting to a database from a JSP-file, I write for instance:
    > sql = "insert into person values(" + newNr + ", '" + forName + "', '" +
    > lastName + "')";
    >
    > Statement stmt = null;
    > stmt.executeUpdate(sql);
    >
    > The question is: How do I write the sql-sentence if I want to save the
    > variables in the database in UPPERCASE ?
    >
    > Regards
    > Rune
    >


    What's wrong with:

    sql = "insert into person values(" + newNr + ", '" + forName.toUpperCase() + "',
    '" + lastName.toUpperCase() + "')";

    Thomas
     
    Thomas Kellerer, May 2, 2005
    #5

  6. > What's wrong with:
    >
    > sql = "insert into person values(" + newNr + ", '" + forName.toUpperCase()

    + "',
    > '" + lastName.toUpperCase() + "')";
    >


    This code works. Thanks.
    Rune
     
    Rune Runnestø, May 2, 2005
    #6
  7. Rune Runnestø

    shakah Guest

    You're probably better off using a PreparedStatement and the database's
    concept of upper case. It handles NULLs and allows you to avoid
    worrying about single-quotes in your data (e.g. last names like
    "O'Brien"):

    // ...guessing on the first value's type (int?)
    java.sql.PreparedStatement pstmt = conn.prepareStatement(
    "INSERT INTO person VALUES(?,?,?)"
    ) ;
    int nFld=0 ;
    pstmt.setInt(++nFld, new Integer(newNr)) ;
    pstmt.setString(++nFld, forName) ;
    pstmt.setString(++nFld, lastName) ;
    pstmt.executeUpdate() ;

    Rune Runnestø wrote:
    > > What's wrong with:
    > >
    > > sql = "insert into person values(" + newNr + ", '" +

    forName.toUpperCase()
    > + "',
    > > '" + lastName.toUpperCase() + "')";
    > >

    >
    > This code works. Thanks.
    > Rune
     
    shakah, May 2, 2005
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ruby
    Replies:
    1
    Views:
    2,582
    Ray Dixon [MVP]
    Jul 31, 2003
  2. John Kandell
    Replies:
    4
    Views:
    4,227
    eeebop
    Dec 10, 2004
  3. Luis Esteban Valencia
    Replies:
    0
    Views:
    2,555
    Luis Esteban Valencia
    Jan 6, 2005
  4. Guest

    uppercase

    Guest, Feb 20, 2006, in forum: ASP .Net
    Replies:
    1
    Views:
    511
    Nathan Sokalski
    Feb 20, 2006
  5. Lovely Angel For You

    Saving Images While Saving ASP Pages !

    Lovely Angel For You, Oct 2, 2003, in forum: ASP General
    Replies:
    1
    Views:
    227
    Curt_C [MVP]
    Oct 3, 2003
Loading...

Share This Page