| From: | Mark Lewis <mark(dot)lewis(at)mir3(dot)com> |
|---|---|
| To: | Heikki Linnakangas <heikki(at)enterprisedb(dot)com> |
| Cc: | David Nedrow <dnedrow(at)mac(dot)com>, pgsql-jdbc(at)postgresql(dot)org |
| Subject: | Re: String escaping? |
| Date: | 2006-12-13 17:47:46 |
| Message-ID: | 1166032066.27428.92.camel@archimedes |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-jdbc |
The only exception to this rule is backslashes and (when using LIKE) the
'%' and '_' characters. Although if you're running 8.2 and turn the
standard_conforming_strings setting ON then you don't need to worry
about backslashes.
-- Mark Lewis
On Wed, 2006-12-13 at 17:21 +0000, Heikki Linnakangas wrote:
> David Nedrow wrote:
> > Are there any build-in JDK or JDBC (Sun or Postgresql driver) functions
> > for escaping strings before inserting/updating in the DB?
> >
> > Eg., I'm using the following PreparedStatement...
>
> You don't generally need to escape your strings if you're using
> PreparedStatements.
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ken Johanson | 2006-12-14 04:39:06 | PG 8.2's JDBC, and Statement.executeUpdate(String, String[]) causing AbstractMethodError |
| Previous Message | Heikki Linnakangas | 2006-12-13 17:21:17 | Re: String escaping? |