Escaping comma in java

I have a string which is fed into the query as IN clause,which looks 开发者_StackOverflow中文版like this ('ACT','INACT') which is one of the parameters to a function inside a package.when a call is made to the function from java, it looks like this

call package.function(1,2,3,('ACT','INACT'),4,5).

When the package is called,i get error as wrong type of arguments.

It is taking the values inside brackets as different values delimited by strings

You should use a CallableStatement, so that you don't have to worry about escaping your inputs. It would look like this:

CallableStatement proc = conn.prepareCall("{call package.function(?,?,?,?,?,?) }");
proc.setInt(1,1);
proc.setInt(2,2);
proc.setInt(3,3);
proc.setString(4,"('ACT','INACT')");
proc.setInt(5,4);
proc.setInt(6,5);
proc.execute();

If you want to escape Strings to put them in SQL queries I urge you to have a look to Commons Lang and more specifically to StringEscapeUtils which includes a static method just to escape Strings for SQL.