Skip site navigation (1) Skip section navigation (2)

Escape Processing problems

From: "Thomas O'Dowd" <tom(at)nooper(dot)com>
To: pgsql-jdbc(at)postgresql(dot)org
Subject: Escape Processing problems
Date: 2001-08-28 14:57:21
Message-ID: 20010828235721.H32410@beast.uwillsee.com (view raw or flat)
Thread:
Lists: pgsql-jdbc
Hi all,

The Connection.EscapeSQL() routine is broken IMHO . Actually, I'm not
sure why it is trying to fix strings starting with "{d" in the first place?

Anyway, currently I've turned it off in the statement with
setEscapeProcessing(false)

The problem I'm having is that "{d" appears in the data that I'm trying
to store and its not a date. So data like the following...

.....blahhh}; {blahhh }; {docs=""};

is turning into...

.....blahhh}; {blahhh };   ocs="" ;
                         ^^      ^

What's more is if I have something like "{d....." and there is no ending 
brace, it will throw a StringIndexOutOfBoundsException as the return
value of the indexOf() looking for the closing brace will not find one
and thus setCharAt() will use an illegal index of -1 :(

The routine is below for reference... Can anyone explain why it is trying
to do this on me in the first place. I would think escape processing would
do something a little different like watching my single quotes etc.

    public String EscapeSQL(String sql) {
      //if (DEBUG) { System.out.println ("parseSQLEscapes called"); }

      // If we find a "{d", assume we have a date escape.
      //
      // Since the date escape syntax is very close to the
      // native Postgres date format, we just remove the escape
      // delimiters.
      //
      // This implementation could use some optimization, but it has
      // worked in practice for two years of solid use.
      int index = sql.indexOf("{d");
      while (index != -1) {
        //System.out.println ("escape found at index: " + index);
        StringBuffer buf = new StringBuffer(sql);
        buf.setCharAt(index, ' ');
        buf.setCharAt(index + 1, ' ');
        buf.setCharAt(sql.indexOf('}', index), ' ');
        sql = new String(buf);
        index = sql.indexOf("{d");
      }
      //System.out.println ("modified SQL: " + sql);
      return sql;
    }

Cheers,

Tom.
-- 
Thomas O'Dowd. - Nooping - http://nooper.com
tom(at)nooper(dot)com - Testing - http://nooper.co.jp/labs

Responses

pgsql-jdbc by date

Next:From: T.R.MissnerDate: 2001-08-28 15:12:25
Subject: RE: Fastpath error on solaris 2.8 pgsql 7.1.3
Previous:From: Tom LaneDate: 2001-08-28 13:14:57
Subject: Re: [GENERAL] Regarding vacuumdb

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group