| From: | Oliver Jowett <oliver(at)opencloud(dot)com> |
|---|---|
| To: | Kevin Murphy <murphy(at)genome(dot)chop(dot)edu> |
| Cc: | pgsql-jdbc(at)postgresql(dot)org |
| Subject: | Re: Wish list |
| Date: | 2005-06-29 13:38:56 |
| Message-ID: | 42C2A470.2010804@opencloud.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-jdbc |
Kevin Murphy wrote:
> it would be nice if the JDBC driver could somehow expose the
> functionality to do the quoting and escaping required in steps 2 and 3
> without ever requiring a database connection.
>
> I know it's not the driver's main line of business, but since it is able
> to do these things anyway (in PreparedStatement.toString), and they are
> useful but non-trivial to do properly, why not expose the functionality?
Uh, PreparedStatement.toString() *doesn't* necessarily produce correctly
quoted queries; the PostgreSQL driver implementation produces a query
string by blindly substituting parameter values with no escaping. It's
more of a debugging tool than anything else. At the protocol level, the
driver isn't escaping strings anyway because they're being passed
separately to the query in a Bind message rather than embedded in the
query string itself.
Also, the plans for post-8.1 string escaping mean that you will need to
know what version of the server you are talking to (or something
equivalent via a read-only GUC) to know which type of escaping is
correct.. it's hard to see how that works without a database connection.
-O
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Oliver Jowett | 2005-06-29 14:09:12 | Updated high-unicode patch |
| Previous Message | Oliver Jowett | 2005-06-29 13:17:33 | Re: jdbc cts final diff for review |