Skip site navigation (1) Skip section navigation (2)

Re: String escaping?

From: Markus Schaber <schabi(at)logix-tt(dot)com>
To: pgsql-jdbc(at)postgresql(dot)org
Subject: Re: String escaping?
Date: 2006-12-14 10:54:14
Message-ID: 20061214115414.2cff1417@kingfisher.sec.intern.logix-tt.com (view raw or flat)
Thread:
Lists: pgsql-jdbc
Hi, Mark,

Mark Lewis <mark(dot)lewis(at)mir3(dot)com> wrote:

> > You don't generally need to escape your strings if you're using 
> > PreparedStatements.
> > 
> The only exception to this rule is backslashes and (when using LIKE) the
> '%' and '_' characters.  Although if you're running 8.2 and turn the
> standard_conforming_strings setting ON then you don't need to worry
> about backslashes.

That sounds confusing.

I always thought that the Strings that I set with setString() don't
have to be escaped at all, the Driver will handle it transparently (by
either escaping for V2 protocol, or using BIND with the appropriate
encoding).

But, of course, when I have a String Literal in the source, I need to
add a layer of Java escaping for ", \, and some others.



Regards,
Markus


-- 
Markus Schaber | Logical Tracking&Tracing International AG
Dipl. Inf.     | Software Development GIS

Fight against software patents in Europe! www.ffii.org
www.nosoftwarepatents.org

In response to

Responses

pgsql-jdbc by date

Next:From: Vit TimchishinDate: 2006-12-14 11:12:15
Subject: Re: String escaping?
Previous:From: Michael PaesoldDate: 2006-12-14 07:50:08
Subject: Re: Synthesize support for Statement.getGeneratedKeys()?

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group