From: | Felipe Schnack <felipes(at)ritterdosreis(dot)br> |
---|---|
To: | Csaba Nagy <nagy(at)ecircle-ag(dot)com>, pgsql-jdbc <pgsql-jdbc(at)postgresql(dot)org> |
Subject: | Re: Prepared Statements |
Date: | 2003-07-18 16:14:11 |
Message-ID: | 20030718131411.1ebe4847.felipes@ritterdosreis.br |
Lists: | pgsql-jdbc |
In these cases, I just set a single question mark in the query... then I use setObject(index, parameters, Types.NUMERIC)
In the "parameters" variable I pass the values concatenated, like:
PreparedStatement prep = conn.prepareStatement("SELECT * FROM foo WHERE bar IN (?)");
// the whole list is passed as one parameter; the driver substitutes the string into the SQL text as-is
prep.setObject(1, "1, 2, 3", Types.NUMERIC);
The problem with this technique is that I can't use the driver's escaping of Strings... I just hope this keeps working in future versions of the driver :-)
Is there a way that I can call the driver's escaping methods? It would be nice if they were public.
On 18 Jul 2003 17:32:34 +0200
Csaba Nagy <nagy(at)ecircle-ag(dot)com> wrote:
> >
> > Well, I guess the bug will have to be fixed asap as it is a security risk.
> >
> > What is the proper JDBC way for filling IN lists in prepared statements?
> >
>
> I'm no JDBC expert, but the way we do it: create a prepared statement
> with 100 (or whatever the max nr. of accepted params is) parameter
> placeholders, and set the ones which are actually needed to their
> parameter values, and set the rest to null.
> The nulls will be finally ignored by the database.
> Not the best solution, but it works just fine for us.
>
> Cheers,
> Csaba.
--
Felipe Schnack (felipes(at)ritterdosreis(dot)br)
Systems Analyst
Mobile: 51-91287530
Linux Counter #281893
The ASCII Ribbon Campaign: Against HTML Email!
Centro Universitário Ritter dos Reis
http://www.ritterdosreis.br
ritter(at)ritterdosreis(dot)br
Phone: 51-32303341
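A way to run the same IN query without passing the whole list as one string parameter, as an added example that is not code from this thread: one placeholder per value is generated at runtime and each value is bound through the driver's typed setter, so nothing from the list ever becomes SQL text. The table `foo` and column `bar` are taken from the message above; the class and method names are my own.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public final class InListQuery {

    /** Builds "SELECT * FROM foo WHERE bar IN (?, ?, ?)" with one placeholder per value. */
    static String buildSql(int count) {
        if (count <= 0) {
            throw new IllegalArgumentException("IN list must not be empty");
        }
        StringBuilder sql = new StringBuilder("SELECT * FROM foo WHERE bar IN (");
        for (int i = 0; i < count; i++) {
            sql.append(i == 0 ? "?" : ", ?");
        }
        return sql.append(")").toString();
    }

    /** Runs the query with every value bound as a typed parameter, never spliced into the SQL. */
    static List<Integer> findBars(Connection conn, List<Integer> values) throws SQLException {
        List<Integer> found = new ArrayList<>();
        if (values.isEmpty()) {
            return found; // "IN ()" is not valid SQL; an empty list matches nothing, so skip the query
        }
        try (PreparedStatement prep = conn.prepareStatement(buildSql(values.size()))) {
            for (int i = 0; i < values.size(); i++) {
                prep.setInt(i + 1, values.get(i)); // JDBC parameter indexes are 1-based
            }
            try (ResultSet rs = prep.executeQuery()) {
                while (rs.next()) {
                    found.add(rs.getInt("bar"));
                }
            }
        }
        return found;
    }
}
```

Because the statement text changes with the list length, the driver cannot reuse one server-side plan across different sizes; capping the list length or padding to a few fixed sizes (as in the 100-placeholder approach quoted above) keeps the number of distinct statements small.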