Is there a standard way to escape SQL characters like apostrophes or comment characters, when passing in strings to HQL queries? They seem to be escaped properly when mapped properties have them, and are updated or inserted, but I haven't found any exposed API for it for session.find()...

jea

Could you give an example of an escape sequence you're attempting that fails?

Also, note that in quoted Java Strings you have to escape first for the compiler, then for whatever entity you're sending the string to. For example, to create a regex with escape sequences, you have to first escape the escape character. i.e.

Apostrophes can be escaped using '' (ie. two apostrophes)

I got it worked out. I had tried switching to using Query with setString rather than building a String for session.find, and for some reason, I didn't think it was escaping the apostrophes in the parameters, but it does. Just a brain fart.

jea

I am also having some difficulty using single and double quotes in HQL. What I have found (following Gavin's advice above) is that '' works only when the string is surrounded by ", and "" works only when the string is surrounded by '. Is it possible to write a query string that includes both ' and " ? It would be nice to be able to escape ' and " in the same way, without having to be concerned with how the string is quoted.

I have found that Hibernate nicely handles ' and " when they are used in strings passed as parameters to a prepared statement. The reason I am currently formulating the query as a complete string (not as a prepared statement) is that there are several optional parts in the query. My first attempt at a prepared statement for this turned out to take twice as long to execute (since the prepared statement includes all parts of the query I suppose). I might try the criteria interface.