Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Java > Saving values in UPPERCASE in a database

Reply
Thread Tools

Saving values in UPPERCASE in a database

 
 
Rune RunnestÝ
Guest
Posts: n/a
 
      05-02-2005
Hi,

When connecting to a database from a JSP-file, I write for instance:
sql = "insert into person values(" + newNr + ", '" + forName + "', '" +
lastName + "')";

Statement stmt = null;
stmt.executeUpdate(sql);

The question is: How do I write the sql-sentence if I want to save the
variables in the database in UPPERCASE ?

Regards
Rune


 
Reply With Quote
 
 
 
 
Malte
Guest
Posts: n/a
 
      05-02-2005
Rune RunnestÝ wrote:
> Hi,
>
> When connecting to a database from a JSP-file, I write for instance:
> sql = "insert into person values(" + newNr + ", '" + forName + "', '" +
> lastName + "')";
>
> Statement stmt = null;
> stmt.executeUpdate(sql);
>
> The question is: How do I write the sql-sentence if I want to save the
> variables in the database in UPPERCASE ?
>
> Regards
> Rune
>
>


In a small test window I did this:

create table strtest (test varchar2(64));


insert into strtest values (upper('test'));
insert into strtest values ('test');

commit;
select * from strtest;

Result:

TEST
test

drop table strtest;

You could also, of course, uppercase the String objects BEFORE you pass
them to the database.
 
Reply With Quote
 
 
 
 
Malte
Guest
Posts: n/a
 
      05-02-2005
Malte wrote:
> Rune RunnestÝ wrote:
>
>> Hi,
>>
>> When connecting to a database from a JSP-file, I write for instance:
>> sql = "insert into person values(" + newNr + ", '" + forName + "', '" +
>> lastName + "')";
>>
>> Statement stmt = null;
>> stmt.executeUpdate(sql);
>>
>> The question is: How do I write the sql-sentence if I want to save the
>> variables in the database in UPPERCASE ?
>>
>> Regards
>> Rune
>>


BTW, connection to the database from the JSP could be constructed as a
poor design. I believe that many people would stick their database code
into a bean of sorts.
 
Reply With Quote
 
Chris Uppal
Guest
Posts: n/a
 
      05-02-2005
Rune RunnestÝ wrote:

> sql = "insert into person values(" + newNr + ", '" + forName + "', '" +
> lastName + "')";


Unless "forName" and "lastName" come from a guaranteed safe source (i.e. /NOT/
a user typing it in, and definitely not anything on the Web), then this opens
up a potentially very serious security hole. If you don't understand what I'm
talking about then Google for "SQL injection attack".

-- chris


 
Reply With Quote
 
Thomas Kellerer
Guest
Posts: n/a
 
      05-02-2005


On 02.05.2005 14:01 Rune RunnestÝ wrote:

> Hi,
>
> When connecting to a database from a JSP-file, I write for instance:
> sql = "insert into person values(" + newNr + ", '" + forName + "', '" +
> lastName + "')";
>
> Statement stmt = null;
> stmt.executeUpdate(sql);
>
> The question is: How do I write the sql-sentence if I want to save the
> variables in the database in UPPERCASE ?
>
> Regards
> Rune
>


What's wrong with:

sql = "insert into person values(" + newNr + ", '" + forName.toUpperCase() + "',
'" + lastName.toUpperCase() + "')";

Thomas
 
Reply With Quote
 
Rune RunnestÝ
Guest
Posts: n/a
 
      05-02-2005

> What's wrong with:
>
> sql = "insert into person values(" + newNr + ", '" + forName.toUpperCase()

+ "',
> '" + lastName.toUpperCase() + "')";
>


This code works. Thanks.
Rune


 
Reply With Quote
 
shakah
Guest
Posts: n/a
 
      05-02-2005
You're probably better off using a PreparedStatement and the database's
concept of upper case. It handles NULLs and allows you to avoid
worrying about single-quotes in your data (e.g. last names like
"O'Brien"):

// ...guessing on the first value's type (int?)
java.sql.PreparedStatement pstmt = conn.prepareStatement(
"INSERT INTO person VALUES(?,?,?)"
) ;
int nFld=0 ;
pstmt.setInt(++nFld, new Integer(newNr)) ;
pstmt.setString(++nFld, forName) ;
pstmt.setString(++nFld, lastName) ;
pstmt.executeUpdate() ;

Rune RunnestÝ wrote:
> > What's wrong with:
> >
> > sql = "insert into person values(" + newNr + ", '" +

forName.toUpperCase()
> + "',
> > '" + lastName.toUpperCase() + "')";
> >

>
> This code works. Thanks.
> Rune


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Database Database Database Database scott93727@gmail.com Computer Information 0 09-27-2012 02:43 AM
DataBase DataBase DataBase DataBase scott93727@gmail.com Computer Information 0 09-26-2012 09:40 AM
uppercase ASP .Net 1 02-20-2006 05:23 AM
turn uppercase on in controls Beffmans ASP .Net 1 08-02-2005 01:59 PM
converting asp:textbox to uppercase Ruby ASP .Net 1 07-31-2003 04:51 PM



Advertisments