Saving values in UPPERCASE in a database

Rune Runnestø

Hi,

When connecting to a database from a JSP-file, I write for instance:
sql = "insert into person values(" + newNr + ", '" + forName + "', '" +
lastName + "')";

Statement stmt = null;
stmt.executeUpdate(sql);

The question is: How do I write the sql-sentence if I want to save the
variables in the database in UPPERCASE ?

Regards
Rune
 
Malte

Rune said:
Hi,

When connecting to a database from a JSP-file, I write for instance:
sql = "insert into person values(" + newNr + ", '" + forName + "', '" +
lastName + "')";

Statement stmt = null;
stmt.executeUpdate(sql);

The question is: How do I write the sql-sentence if I want to save the
variables in the database in UPPERCASE ?

Regards
Rune

In a small test window I did this:

create table strtest (test varchar2(64));


insert into strtest values (upper('test'));
insert into strtest values ('test');

commit;
select * from strtest;

Result:

TEST
test

drop table strtest;

You could also, of course, uppercase the String objects BEFORE you pass
them to the database.
 
Malte

BTW, connection to the database from the JSP could be construed as a
poor design. I believe that many people would stick their database code
into a bean of sorts.
 
Chris Uppal

Rune said:
sql = "insert into person values(" + newNr + ", '" + forName + "', '" +
lastName + "')";

Unless "forName" and "lastName" come from a guaranteed safe source (i.e. /NOT/
a user typing it in, and definitely not anything on the Web), then this opens
up a potentially very serious security hole. If you don't understand what I'm
talking about then Google for "SQL injection attack".

-- chris
 
Thomas Kellerer

Hi,

When connecting to a database from a JSP-file, I write for instance:
sql = "insert into person values(" + newNr + ", '" + forName + "', '" +
lastName + "')";

Statement stmt = null;
stmt.executeUpdate(sql);

The question is: How do I write the sql-sentence if I want to save the
variables in the database in UPPERCASE ?

Regards
Rune

What's wrong with:

sql = "insert into person values(" + newNr + ", '" + forName.toUpperCase() +
"', '" + lastName.toUpperCase() + "')";

Thomas
 
Rune Runnestø

What's wrong with:

sql = "insert into person values(" + newNr + ", '" + forName.toUpperCase() +
"', '" + lastName.toUpperCase() + "')";

This code works. Thanks.
Rune
 
shakah

You're probably better off using a PreparedStatement and the database's
concept of upper case. It handles NULLs and allows you to avoid
worrying about single-quotes in your data (e.g. last names like
"O'Brien"):

// ...guessing on the first value's type (int?)
// UPPER(?) lets the database upper-case the bound values
java.sql.PreparedStatement pstmt = conn.prepareStatement(
    "INSERT INTO person VALUES(?,UPPER(?),UPPER(?))"
) ;
int nFld=0 ;
// bind each value by position; no quoting or escaping is needed
pstmt.setInt(++nFld, new Integer(newNr)) ;
pstmt.setString(++nFld, forName) ;
pstmt.setString(++nFld, lastName) ;
pstmt.executeUpdate() ;
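
Added example, not part of any post in this thread: a side-by-side run of the concatenated insert from the question and the bound-parameter approach suggested above, so the difference can be checked against a real database. It uses Python's built-in sqlite3 as a stand-in for JSP/JDBC so it runs without a driver; the column names, the sample names and the crafted value are constructed for the demonstration.

```python
import sqlite3

def new_db():
    # In-memory stand-in for the thread's "person" table (column names assumed).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE person (nr INTEGER, forname TEXT, lastname TEXT)")
    return conn

def insert_concatenated(conn, nr, forname, lastname):
    # Same construction as the JSP snippet: values are pasted into the SQL text,
    # so a quote inside a value becomes part of the statement itself.
    sql = ("insert into person values(" + str(nr) + ", '" + forname.upper()
           + "', '" + lastname.upper() + "')")
    conn.execute(sql)

def insert_bound(conn, nr, forname, lastname):
    # Values are sent as bound parameters; the database applies UPPER().
    conn.execute("INSERT INTO person VALUES (?, UPPER(?), UPPER(?))",
                 (nr, forname, lastname))

def rows(conn):
    return conn.execute("SELECT * FROM person ORDER BY nr").fetchall()

def demo():
    out = {}
    crafted = "x'), (999, 'extra', 'row"   # constructed test value

    conn = new_db()                        # 1: apostrophe breaks the statement
    try:
        insert_concatenated(conn, 1, "Pat", "O'Brien")
        out["concat_apostrophe"] = rows(conn)
    except sqlite3.OperationalError as exc:
        out["concat_apostrophe"] = "error: " + str(exc)

    conn = new_db()                        # 2: one call, two rows stored
    insert_concatenated(conn, 2, "Pat", crafted)
    out["concat_crafted"] = rows(conn)

    conn = new_db()                        # 3: bound values stay plain data
    insert_bound(conn, 1, "Pat", "O'Brien")
    insert_bound(conn, 2, "Pat", crafted)
    insert_bound(conn, 3, None, "Smith")   # NULL passes through UPPER()
    out["bound"] = rows(conn)
    return out

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

In the concatenated cases the input decides the shape of the statement (a syntax error, or an extra row); in the bound case each value is stored exactly as supplied, upper-cased by the database.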
 
