| From: | Kim Ho <kho(at)redhat(dot)com> |
|---|---|
| To: | Dmitry Tkach <dmitry(at)openratings(dot)com> |
| Cc: | Fernando Nasser <fnasser(at)redhat(dot)com>, Barry Lind <blind(at)xythos(dot)com>, pgsql-jdbc-list <pgsql-jdbc(at)postgresql(dot)org> |
| Subject: | Re: Prepared Statements |
| Date: | 2003-07-18 17:45:28 |
| Message-ID: | 1058550328.19657.168.camel@topanga.toronto.redhat.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-jdbc |
Can't you instead use setString(1, "x'a'")?
If not, this also brings up another thing. Did you want to treat "x'a'"
as a number now?
In any case, here is a revised version of the patch. =) Thanks for the
pointers.
Also, the remove radix thing is not meant for preventing SQL injection.
It is meant for this like:
create function integer_in(integer) ....
and then using things like select integer_in(1.11231E9)
Kim
On Fri, 2003-07-18 at 13:40, Dmitry Tkach wrote:
> Dmitry Tkach wrote:
>
> >
> > s.setObject (1, "x'a'");
> >
> I meant s.setObject (1, "x'a'", Types.INTEGER) of course...
>
> Dima
>
>
| Attachment | Content-Type | Size |
|---|---|---|
| setObjectNumbers.diff | text/plain | 6.7 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dmitry Tkach | 2003-07-18 17:53:39 | Re: Prepared Statements |
| Previous Message | Dmitry Tkach | 2003-07-18 17:40:06 | Re: Prepared Statements |