Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Header And Logo
|
Site Navigation
Re: escape string for pgsql (using jdbc/java)?
- From: Oliver Jowett <oliver(at)opencloud(dot)com>
- To: Tobias Thierer <t_thierer(at)yahoo(dot)de>
- Cc: pgsql-jdbc(at)postgresql(dot)org
- Subject: Re: escape string for pgsql (using jdbc/java)?
- Date: Sun, 28 Jan 2007 22:53:01 +0000
Tobias Thierer wrote:
Kris Jurka wrote:1.) Is there a built-in method somewhere in the jdbc driver that escapesstrings and makes them safe to use in an SQL statement (inside a string)?There is org.postgresql.core.Utils#appendEscapedString, but it's not something we support or advertise. It's really for internal use only.I dislike that this method expects me to tell it whether i have standard_conforming_strings set - this kinda defeats the "write once, run everywhere" principle.
If you want something portable just use PreparedStatement.setString() and parameter placeholders. The "preparation" overhead you are worrying about is not really an issue as the PreparedStatement implementation is designed to handle one-shot queries as well as reused queries efficiently .. since PreparedStatement is often used just for parameter value interpolation to avoid exactly the issues you are encountering.
-O
- Follow-Ups:
- Re: escape string for pgsql (using jdbc/java)?
- From: Tobias Thierer
- Re: escape string for pgsql (using jdbc/java)?
- References:
- escape string for pgsql (using jdbc/java)?
- From: Tobias Thierer
- Re: escape string for pgsql (using jdbc/java)?
- From: Kris Jurka
- Re: escape string for pgsql (using jdbc/java)?
- From: Tobias Thierer
- escape string for pgsql (using jdbc/java)?
- Prev by Date: Re: Strange result from DatabaseMetaData.getTablePrivileges()
- Next by Date: Re: escape string for pgsql (using jdbc/java)?
- Previous by thread: Re: escape string for pgsql (using jdbc/java)?
- Next by thread: Re: escape string for pgsql (using jdbc/java)?
- Indexes: