Java Sanitize Input for Database without PreparedStatement

I know开发者_如何转开发 I've read the easy way of sanitizing user input into a database with Java is using PreparedStatement. But I was wondering if there was another way to sanitize user input or sanitize input and then get the return value of the input that was sanitized with PreparedStatements?

PreparedStatement doesn't sanitize anything. That's what binding and validating prior to getting to your persistence tier is for. You should be doing that regardless.

Why the objection to PreparedStatement? That doesn't make much sense to me.

If by Sanitize you mean "replacing special character by encoded characters", you can probably try"URLEncoder".

However this is used for creating encoded parameters in a particular Mime format.

http://download.oracle.com/javase/1.5.0/docs/api/java/net/URLEncoder.html

See examples here

http://www.java2s.com/Code/Java/Network-Protocol/URLEncodeTest.htm