
Re: String escaping?

From: Vit Timchishin <tivvpgsqljdbc(at)gtech-ua(dot)com>
To: pgsql-jdbc(at)postgresql(dot)org
Subject: Re: String escaping?
Date: 2006-12-14 11:12:15
Message-ID: 4581318F.4030202@gtech-ua.com
Lists: pgsql-jdbc
Markus Schaber wrote:
> Hi, Mark,
>
> Mark Lewis <mark(dot)lewis(at)mir3(dot)com> wrote:
>
>   
>>> You don't generally need to escape your strings if you're using 
>>> PreparedStatements.
>>>
>>>       
>> The only exception to this rule is backslashes and (when using LIKE) the
>> '%' and '_' characters.  Although if you're running 8.2 and turn the
>> standard_conforming_strings setting ON then you don't need to worry
>> about backslashes.
>>     
>
> That sounds confusing.
>
> I always thought that the Strings that I set with setString() don't
> have to be escaped at all, the Driver will handle it transparently (by
> either escaping for V2 protocol, or using BIND with the appropriate
> encoding).
>
> But, of course, when I have a String Literal in the source, I need to
> add a layer of Java escaping for ", \, and some others.
>
>   
I suppose you've missed the main point: "you need to escape only when you are
using LIKE".
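
The LIKE case discussed in this thread, as an added example that is not part of the original message or of the pgsql-jdbc driver: the value is still bound with setString(), but '%' and '_' in user input are escaped so they match literally. The table `files`, its column `name`, and the choice of '!' as the escape character are assumptions made for illustration; a non-backslash escape character keeps the SQL text independent of standard_conforming_strings.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class LikeEscapeExample {
    // Escape character named in the ESCAPE clause below. '!' is chosen so the
    // SQL text contains no backslash and reads the same whether
    // standard_conforming_strings is on or off.
    private static final char ESC = '!';

    /** Make user input match literally inside a LIKE pattern. */
    static String escapeLike(String input) {
        StringBuilder sb = new StringBuilder(input.length() + 8);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            // The escape character itself must be escaped too.
            if (c == ESC || c == '%' || c == '_') {
                sb.append(ESC);
            }
            sb.append(c);
        }
        return sb.toString();
    }

    /** Prefix search on the hypothetical table "files", text column "name". */
    static List<String> findByPrefix(Connection conn, String userPrefix) throws SQLException {
        String sql = "SELECT name FROM files WHERE name LIKE ? ESCAPE '!'";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            // setString() takes care of quoting the value; the trailing '%'
            // appended here is the only wildcard the query intends.
            ps.setString(1, escapeLike(userPrefix) + "%");
            List<String> names = new ArrayList<>();
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) names.add(rs.getString(1));
            }
            return names;
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs; this part needs no database.
        for (String s : new String[] {"100%_done", "C:\\temp", "wow!"}) {
            System.out.println(s + " -> " + escapeLike(s) + "%");
        }
    }
}
```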


Copyright © 1996-2014 The PostgreSQL Global Development Group