Re: String escaping?

From: Vit Timchishin <tivvpgsqljdbc(at)gtech-ua(dot)com>
To: pgsql-jdbc(at)postgresql(dot)org
Subject: Re: String escaping?
Date: 2006-12-14 11:12:15
Message-ID: 4581318F.4030202@gtech-ua.com
Lists: pgsql-jdbc

Markus Schaber wrote:
> Hi, Mark,
>
> Mark Lewis <mark(dot)lewis(at)mir3(dot)com> wrote:
>
>
>>> You don't generally need to escape your strings if you're using
>>> PreparedStatements.
>>>
>>>
>> The only exception to this rule is backslashes and (when using LIKE) the
>> '%' and '_' characters. Although if you're running 8.2 and turn the
>> standard_conforming_strings setting ON then you don't need to worry
>> about backslashes.
>>
>
> That sounds confusing.
>
> I always thought that the Strings that I set with setString() don't
> have to be escaped at all, the Driver will handle it transparently (by
> either escaping for V2 protocol, or using BIND with the appropriate
> encoding).
>
> But, of course, when I have a String Literal in the source, I need to
> add a layer of Java escaping for ", \, and some others.
>
>
I suppose you've missed the main point: "you need to escape only when you
are using LIKE".
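
The LIKE case discussed in this thread, as an added example that is not part of the original message or of the driver's own code: the value is still bound with setString(), and only the LIKE metacharacters '%' and '_' are escaped beforehand. The table `items`, the column `name`, the helper names and the choice of '!' as escape character are assumptions made for illustration; naming the escape character in an ESCAPE clause keeps backslashes in the input literal to LIKE.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class LikeEscape {
    // Escape character, assumed for this example. It must match the
    // character named in the ESCAPE clause of the query below.
    private static final char ESC = '!';

    /** Makes user input match literally when used inside a LIKE pattern. */
    static String escapeLike(String input) {
        StringBuilder sb = new StringBuilder(input.length() + 8);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            // '%' and '_' are LIKE wildcards; ESC itself must be doubled.
            if (c == '%' || c == '_' || c == ESC) {
                sb.append(ESC);
            }
            sb.append(c);
        }
        return sb.toString();
    }

    /** Counts rows whose name starts with userInput (hypothetical table "items"). */
    static int countPrefix(Connection conn, String userInput) throws SQLException {
        String sql = "SELECT count(*) FROM items WHERE name LIKE ? ESCAPE '!'";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            // setString() transports the value without SQL-level escaping;
            // the trailing '%' is the only wildcard the pattern contains.
            ps.setString(1, escapeLike(userInput) + "%");
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs; no database connection is needed here.
        String[] samples = { "100%", "file_name", "wow!", "C:\\temp", "plain" };
        for (String s : samples) {
            System.out.println(s + " -> " + escapeLike(s) + "%");
        }
    }
}
```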
