Vit Timchishin <tivvpgsqljdbc(at)gtech-ua(dot)com> wrote:
> > I always thought that the Strings that I set with setString() don't
> > have to be escaped at all, the Driver will handle it transparently (by
> > either escaping for V2 protocol, or using BIND with the appropriate
> > encoding).
> > But, of course, when I have a String Literal in the source, I need to
> > add a layer of Java escaping for ", \, and some others.
> I suppose you've missed the main: "you need to escape only when you are
> using LIKE".
Yes, the LIKE specific escaping will stay there, but that layer is
independent of statement-level escaping.
What I wanted to show was: When you create your queries via String
concatenation, you have to implement the statement-level escaping
yourself, with prepared statements, the driver should completely handle
That's independent of source-level escaping for String literals in
Java, and function-specific escaping inside the text for LIKE or
strings in function definitions.
Markus Schaber | Logical Tracking&Tracing International AG
Dipl. Inf. | Software Development GIS
Fight against software patents in Europe! www.ffii.org
In response to
pgsql-jdbc by date
|Next:||From: Ken Johanson||Date: 2006-12-14 15:38:26|
|Subject: Re: Synthesize support for Statement.getGeneratedKeys()?|
|Previous:||From: Vit Timchishin||Date: 2006-12-14 11:12:15|
|Subject: Re: String escaping?|