Skip site navigation (1) Skip section navigation (2)

Re: String escaping?

From: Vit Timchishin <tivvpgsqljdbc(at)gtech-ua(dot)com>
To: pgsql-jdbc(at)postgresql(dot)org
Subject: Re: String escaping?
Date: 2006-12-14 11:12:15
Message-ID: (view raw or whole thread)
Lists: pgsql-jdbc
Markus Schaber wrote:
> Hi, Mark,
> Mark Lewis <mark(dot)lewis(at)mir3(dot)com> wrote:
>>> You don't generally need to escape your strings if you're using 
>>> PreparedStatements.
>> The only exception to this rule is backslashes and (when using LIKE) the
>> '%' and '_' characters.  Although if you're running 8.2 and turn the
>> standard_conforming_strings setting ON then you don't need to worry
>> about backslashes.
> That sounds confusing.
> I always thought that the Strings that I set with setString() don't
> have to be escaped at all, the Driver will handle it transparently (by
> either escaping for V2 protocol, or using BIND with the appropriate
> encoding).
> But, of course, when I have a String Literal in the source, I need to
> add a layer of Java escaping for ", \, and some others.
I suppose you've missed the main: "you need to escape only when you are
using LIKE".

In response to


pgsql-jdbc by date

Next:From: Markus SchaberDate: 2006-12-14 12:27:33
Subject: Re: String escaping?
Previous:From: Markus SchaberDate: 2006-12-14 10:54:14
Subject: Re: String escaping?

Privacy Policy | About PostgreSQL
Copyright © 1996-2015 The PostgreSQL Global Development Group