2

For log4j I have this very simple sql statement:

log4j.appender.DB.sql=INSERT INTO [LOG].[dbo].[LOGS] VALUES('%m')

%m is a variable which contains the message of the logger. Sometimes this message will also contain ' in it. For example: User 'Admin' deleted object C333421 (rough example)

How can I escape it?

GeekSince1982
  • 732
  • 10
  • 25

1 Answers1

1

You escape single quotes by using two single quotes. So for example

User ''Admin'' deleted object C333421

You need to change the String in your java code that retrieves the message.

You can use replaceAll for this

message = message.replaceAll("'", "''"));

Or you could use REPLACE('%m', '''', '''''') in the sqlstatement

steven35
  • 3,747
  • 3
  • 34
  • 48
  • it's log4j - i can't change modules which retrieve the log message. so the variable %m - will come as it is. I mean the string which it'll have may have `'` in it. so i can't do changes to the java code and am limited to doing tricks with sql statement :( – GeekSince1982 Feb 17 '15 at 14:41
  • 1
    You could try using `REPLACE('%m', '''', '')` – steven35 Feb 17 '15 at 14:44
  • Just tried. This doesn't work. here is an example of the line which %m carries: `Operations are performed by user 'Administrator'. User URL: 'app://reflection/c3333'` i see all other lines loged into DB except these lines. these lines I see in the parallel file based log. and also jboss server log complains about failed sql statement on these lines:( – GeekSince1982 Feb 17 '15 at 15:24
  • Just updated the answer, please try that. If it doesn't work then I will have run out of ideas :) – steven35 Feb 17 '15 at 15:28