how to convert "'" to "''"

Question

I'm handling user data and store it to oracle which may contain "'", "''", or "'''". I have try to use replaceAll() method to convert data but it output not my expected result.

try replaceAll() but not work

String sAddress1="";
sAddress1 = "ABC''S ROA'''D";

sAddress1 = sAddress1.replaceAll("'","''");

I expect the output of sAddress1 to be:

"ABC''''S ROA''''''D"

But the actual output is:

"ABC''S ROA''''D"

Are you sure your string contains single quotes? Perhaps it contains grave accents which look very similar to single quotes? — TheWhiteRabbit, Aug 05 '19 at 08:45
Why are you doing this? If it is to make it safe to use in a query: don't do this. Use prepared statements with parameters instead. — Mark Rotteveel, Aug 05 '19 at 08:58

score 0 · Answer 1 · answered Aug 05 '19 at 08:56

Your code works correctly. The problem is the persistence in your Oracle DB.

In which way are you storing it into the DB? Are you using native SQL? Are you using JPA/Hibernate?

Probably you are using a Native SQL, since the JPA/Hibernate options should handle the quoting for you.

Take a look to the text literials section in the Oracle documentation https://docs.oracle.com/cd/B19306_01/server.102/b14200/sql_elements003.htm#sthref344

Or take a look to other answers about escaping single quoutes for Oracle DB PL/SQL, how to escape single quote in a string? Escaping single quote in PLSQL

Even pure JDBC usage would have options for doing this for you. And technically, Hibernate nor JPA will quote for you, but use prepared statements with parameters. — Mark Rotteveel, Aug 05 '19 at 09:00

how to convert "'" to "''"

1 Answers1