| From: | "Chris White" <cjwhite(at)cisco(dot)com> |
|---|---|
| To: | "Thomas O'Dowd" <tom(at)nooper(dot)com>, "Timothy Reaves" <treaves(at)silverfields(dot)com> |
| Cc: | <pgsql-jdbc(at)postgresql(dot)org> |
| Subject: | Re: Escaping strings? |
| Date: | 2002-11-04 03:10:39 |
| Message-ID: | NCBBIJCJEKFBDCFKEEEIMENFHGAA.cjwhite@cisco.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-jdbc |
I think you also have to escape underscore(_).
-----Original Message-----
From: pgsql-jdbc-owner(at)postgresql(dot)org
[mailto:pgsql-jdbc-owner(at)postgresql(dot)org]On Behalf Of Thomas O'Dowd
Sent: Sunday, November 03, 2002 6:53 PM
To: Timothy Reaves
Cc: pgsql-jdbc(at)postgresql(dot)org
Subject: Re: [JDBC] Escaping strings?
You need to escape \ and ' but using setString() is the most portable
way of doing it. Escape them both with \. Something like this...
StringBuffer sbuf = new StringBuffer();
for(i = 0; i < str.length(); i++)
{
char c = str.charAt(i);
if(c == '\\' || c == '\'')
sbuf.append((char)'\\');
sbuf.append(c);
}
Cheers,
Tom.
On Mon, 2002-11-04 at 11:35, Timothy Reaves wrote:
> Unfortunatly I can not do that, as the entire sql string is dynamically
> generated. Is there no parseString() or escapeString() method? If not,
> what charachers need escaping?
>
> Thanks!
>
> On 04 Nov 2002 11:14:00 +0900
> "Thomas O'Dowd" <tom(at)nooper(dot)com> wrote:
>
> > Use the setString() method of PreparedStatement and it will escape
> > things for you.
> >
> > Tom.
> >
> > On Mon, 2002-11-04 at 11:06, Timothy Reaves wrote:
> > > What is the proper way to insure a text string (i.e. one read from
> > > a
> > > JTextField.getText()) is propery escaped? I assumed the JDBC driver
> > > would do this automatically, but it does not. An ' character will
> > > cause the JDBC driver to throw an exception.
> > >
> > > ---------------------------(end of
> > > broadcast)--------------------------- TIP 5: Have you checked our
> > > extensive FAQ?
> > >
> > > http://www.postgresql.org/users-lounge/docs/faq.html
> > --
> > Thomas O'Dowd, CEO, Nooper.com - Mobile Services Inc., Tokyo, Japan
> > i-mode & FOMA consulting, development, testing: http://nooper.co.jp/
> >
>
> ---------------------------(end of broadcast)---------------------------
> TIP 6: Have you searched our list archives?
>
> http://archives.postgresql.org
--
Thomas O'Dowd, CEO, Nooper.com - Mobile Services Inc., Tokyo, Japan
i-mode & FOMA consulting, development, testing: http://nooper.co.jp/
---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to majordomo(at)postgresql(dot)org so that your
message can get through to the mailing list cleanly
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Thomas O'Dowd | 2002-11-04 03:31:46 | Re: Escaping strings? |
| Previous Message | Thomas O'Dowd | 2002-11-04 02:52:50 | Re: Escaping strings? |