Escaping single quotes for SQL

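    /**
     * Doubles every single-quote character in {@code s} so the result can be
     * placed inside a single-quoted SQL string literal ({@code O'Brien} becomes
     * {@code O''Brien}). All other characters are copied unchanged.
     *
     * <p><b>Security note:</b> this handles the single quote only. It does not
     * touch backslashes, which some database configurations also treat as an
     * escape character inside string literals, and it gives no protection when
     * the value is used outside a quoted literal (for example in a numeric
     * position or as an identifier). For untrusted input, bind the value through
     * {@code java.sql.PreparedStatement} parameters instead of concatenating it
     * into the statement text; keep this helper for cases where binding is
     * genuinely unavailable.
     *
     * @param s the text to escape; must not be {@code null}
     * @return {@code s} with each {@code '} replaced by {@code ''}; the same
     *         instance is returned when {@code s} contains no single quote
     * @throws NullPointerException if {@code s} is {@code null}
     */
    public static String sqlArmor(String s)
    {
        if (s == null)
        {
            // Same exception type the original raised implicitly, but named, so a
            // missing value is not mistaken for a failure inside the escaping loop.
            throw new NullPointerException("s");
        }

        int firstQuote = s.indexOf('\'');
        if (firstQuote < 0)
        {
            // Nothing to escape: strings are immutable, so the input can be returned as is.
            return s;
        }

        int max = s.length();
        // A method-local buffer needs no synchronisation, so StringBuilder replaces
        // StringBuffer; the small headroom avoids an early resize for typical inputs.
        StringBuilder result = new StringBuilder(max + 8);
        result.append(s, 0, firstQuote);
        for (int i = firstQuote; i < max; i++)
        {
            char c = s.charAt(i);
            result.append(c);
            if (c == '\'')
            {
                // Emit the quote a second time: '' is the in-literal spelling of '.
                result.append(c);
            }
        }
        return result.toString();
    }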
