| From: | Kris Jurka <books(at)ejurka(dot)com> |
|---|---|
| To: | Tobias Thierer <t_thierer(at)yahoo(dot)de> |
| Cc: | pgsql-jdbc(at)postgresql(dot)org |
| Subject: | Re: escape string for pgsql (using jdbc/java)? |
| Date: | 2007-01-26 00:42:00 |
| Message-ID: | Pine.BSO.4.64.0701251936550.15719@leary2.csoft.net |
| Lists: | pgsql-jdbc |

On Fri, 26 Jan 2007, Tobias Thierer wrote:

> I was previously using MySQL and escaped strings following the document at:
>
> http://dev.mysql.com/doc/refman/5.0/en/string-syntax.html
>
> But I couldn't find a corresponding specification for pgsql.

http://www.postgresql.org/docs/8.2/static/sql-syntax-lexical.html

See 4.1.2.1 String constants.

> 1.) Is there a built-in method somewhere in the jdbc driver that escapes
> strings and makes them safe to use in an SQL statement (inside a
> string)?

There is org.postgresql.core.Utils#appendEscapedString, but it's not
something we support or advertise. It's really for internal use only.

> 2.) Which characters do I need to escape for pgsql? Is ' the only one,
> and I need to escape it as '' ? Do I need to escape \ ? Will I need to
> escape all the characters that I escaped for MySQL? Where can I find
> out more?

You need to escape ' and \ if standard_conforming_strings is on.
Monitoring this setting can be tough, so the safest thing to do is
probably to always use the E'string' escape syntax and escape both
characters.

Kris Jurka
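
The E'string' approach recommended in the reply above, as an added Java example (not part of the original message and not pgjdbc code; the class and method names are hypothetical). It doubles both ' and \, and a small reader that understands only those two escapes checks that each constructed sample round-trips without leaving the literal.

```java
// Added example, not pgjdbc code. Class and method names are hypothetical.
public final class PgEscape {

    /** Renders s as an E'...' literal, doubling both ' and \ . */
    static String toEscapeLiteral(String s) {
        StringBuilder out = new StringBuilder(s.length() + 8).append("E'");
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c == '\0') { // PostgreSQL text values cannot contain NUL
                throw new IllegalArgumentException("NUL character at index " + i);
            }
            if (c == '\'' || c == '\\') {
                out.append(c); // double it: ' -> '' and \ -> \\
            }
            out.append(c);
        }
        return out.append('\'').toString();
    }

    /** Minimal reader for literals produced above: undoes '' and \\ and requires
     *  the closing quote to be the very last character of the input. */
    static String readEscapeLiteral(String lit) {
        if (!lit.startsWith("E'")) throw new IllegalArgumentException("not an E'' literal");
        StringBuilder out = new StringBuilder();
        int i = 2;
        while (i < lit.length()) {
            char c = lit.charAt(i);
            if (c == '\'' || c == '\\') {
                if (i + 1 < lit.length() && lit.charAt(i + 1) == c) {
                    out.append(c); i += 2; continue; // doubled character
                }
                if (c == '\'' && i == lit.length() - 1) return out.toString();
                throw new IllegalStateException("unbalanced " + c + " at index " + i);
            }
            out.append(c);
            i++;
        }
        throw new IllegalStateException("unterminated literal");
    }

    public static void main(String[] args) {
        // Constructed sample inputs: quote, backslashes, backslash before quote.
        String[] samples = { "O'Reilly", "C:\\temp\\", "a\\'b", "plain" };
        for (String s : samples) {
            String lit = toEscapeLiteral(s);
            if (!readEscapeLiteral(lit).equals(s)) throw new AssertionError(s);
            System.out.println(s + "  ->  " + lit);
        }
    }
}
```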