| From: | Markus Schaber <schabi(at)logix-tt(dot)com> |
|---|---|
| To: | pgsql-jdbc(at)postgresql(dot)org |
| Subject: | Re: String escaping? |
| Date: | 2006-12-14 12:27:33 |
| Message-ID: | 20061214132733.709740ba@kingfisher.sec.intern.logix-tt.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-jdbc |
Hi, Vit,
Vit Timchishin <tivvpgsqljdbc(at)gtech-ua(dot)com> wrote:
> > I always thought that the Strings that I set with setString() don't
> > have to be escaped at all, the Driver will handle it transparently (by
> > either escaping for V2 protocol, or using BIND with the appropriate
> > encoding).
> >
> > But, of course, when I have a String Literal in the source, I need to
> > add a layer of Java escaping for ", \, and some others.
> >
> >
> I suppose you've missed the main: "you need to escape only when you are
> using LIKE".
Yes, the LIKE specific escaping will stay there, but that layer is
independent of statement-level escaping.
What I wanted to show was: When you create your queries via String
concatenation, you have to implement the statement-level escaping
yourself, with prepared statements, the driver should completely handle
it.
That's independent of source-level escaping for String literals in
Java, and function-specific escaping inside the text for LIKE or
strings in function definitions.
Regards,
Markus
--
Markus Schaber | Logical Tracking&Tracing International AG
Dipl. Inf. | Software Development GIS
Fight against software patents in Europe! www.ffii.org
www.nosoftwarepatents.org
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ken Johanson | 2006-12-14 15:38:26 | Re: Synthesize support for Statement.getGeneratedKeys()? |
| Previous Message | Vit Timchishin | 2006-12-14 11:12:15 | Re: String escaping? |