Re: escape string for pgsql (using jdbc/java)?

[Dave Cramer <pg(at)fastcrypt(dot)com>]

On 29-Jan-07, at 6:27 PM, Tobias Thierer wrote:

> Oliver Jowett wrote:
>
> > If you want something portable just use PreparedStatement.setString 
> > () and parameter placeholders. The "preparation" overhead you are  
> > worrying about is not really an issue as the PreparedStatement  
> > implementation is designed to handle one-shot queries as well as  
> > reused queries efficiently .. since PreparedStatement is often  
> > used just for parameter value interpolation to avoid exactly the  
> > issues you are encountering.
>
> I'm not so worried about the performance. But if I have a column of  
> type SERIAL in my table, then I can retrieve the generated value  
> using:
>
>  statement.executeUpdate(sqlString, Statement.RETURN_GENERATED_KEYS);
>  ResultSet resultSet = statement.getGeneratedKeys();
>  Integer result;
>  if (resultSet.next()) {
>    result = resultSet.getInt(1);
>  } else {
>    result = null;
>  }
>  resultSet.close();
You could if that worked in postgresql but getGeneratedKeys does not  
currently work
> whereas it is not clear to me how this works with a prepared  
> statement. Strangely, PreparedStatement extends Statement, so  
> PreparedStatement still has the executeUpdate(String,int) method -  
> but it is not clear to me whether this method will throw the  
> previously prepared statement away or what.
>
> Is there any easy way to retrieve the generated value for the  
> SERIAL column when using a prepared statement?
Yes, if it worked it would work with prepared statements.

Dave
>   Tobias
>
> ---------------------------(end of  
> broadcast)---------------------------
> TIP 5: don't forget to increase your free space map settings