Re: Prepared Statements

From: Dmitry Tkach <dmitry(at)openratings(dot)com>
To: Oliver Jowett <oliver(at)opencloud(dot)com>
Cc: Fernando Nasser <fnasser(at)redhat(dot)com>, Kim Ho <kho(at)redhat(dot)com>, Barry Lind <blind(at)xythos(dot)com>, pgsql-jdbc-list <pgsql-jdbc(at)postgresql(dot)org>, Dave Cramer <Dave(at)micro-automation(dot)net>
Subject: Re: Prepared Statements
Date: 2003-07-21 15:17:41
Message-ID: 3F1C0415.5000603@openratings.com
Views: Whole Thread | Raw Message | Download mbox | Resend email
Thread:
Lists: pgsql-jdbc

Oliver Jowett wrote:

>On Mon, Jul 21, 2003 at 10:39:11AM -0400, Dmitry Tkach wrote:
>
>
>>Oliver Jowett wrote:
>>
>>
>>
>>>Even if it was true, it's still better to have one piece of code that does
>>>the escaping, rather than N different ones. With escaping in the JDBC
>>>driver, you've reduced the scope of the code you need to audit for syntax
>>>
>>>
>>>from "all query strings and all parameters" to "the JDBC driver's
>>
>>
>>>parameter-escaping code and all query strings".
>>>
>>>
>>>
>>>
>>>
>>Sure. And that's good.
>>That's precisely the point - if you guys start taking functionality
>>away, so that I am not longer able to do things with it that I used to
>>be able to do, then I will not be able to benefit from it as much as I
>>used to - I'll have to switch from PreparedStatements to Statements and
>>do all that escaping/parsing on my own.
>>That's exactly what I am trying to avoid
>>
>>
>
>The functionality we are "taking away" allows you to bypass the JDBC
>driver's parameter escaping. You can't have it both ways.
>
>
Sure, I can :-)
I *do* "have it both ways" right now :-) - in situations when I need
drivers escaping, I use it, in situations when I don't I don't.
I have both the functionality, and the flexibility not to use it when I
don't need it.

Dima

>
>

In response to

Browse pgsql-jdbc by date

  From Date Subject
Next Message Csaba Nagy 2003-07-21 15:18:12 Re: Prepared Statements
Previous Message Fernando Nasser 2003-07-21 15:14:55 Re: Prepared Statements