Re: PreparedStatement.toString() creates valid SQL; was: Q: use setObject also for int or string

From: Michael Enke <michael(dot)enke(at)wincor-nixdorf(dot)com>
To: Kris Jurka <books(at)ejurka(dot)com>
Cc: pgsql-jdbc(at)postgresql(dot)org
Subject: Re: PreparedStatement.toString() creates valid SQL; was: Q: use setObject also for int or string
Date: 2008-09-21 19:32:05
Message-ID: 48D6A135.603@wincor-nixdorf.com
Lists: pgsql-jdbc

Hi Kris,

In my Java code I need to retrieve the SQL
from a PreparedStatement to create another statement from it.

I did this and it would be great if you could have a look
into the attached patch files and make comments.

It has to set standard_conforming_strings to false
in any case to create valid SQL:
If I use setString(1, "a\\b");
the real stored characters are 'a','\','b'.
If I used standard_conforming_strings=true
the output would be "a\b",
but with it set to false the output is "a\\b", which is the correct one.

I did not understand what you mean by InputStream.

Michael

Kris Jurka wrote:
> Michael Enke wrote:
>> The PreparedStatement.toString() returns the query,
>> replaced with available parameter, but string constants are not
>> enclosed in apostrophes:
>>
>> 74: select * from a where a='a'
>> 83: select * from a where a=a
>>
>> The 74 version put this into apostrophes if setString was used.
>> If setInt was used, no apostrophes were output.
>>
> 
> We've never claimed that the output of PreparedStatement.toString would
> produce valid SQL.  There are certainly other problems with it than just
> missing apostrophes.  It currently doesn't escape values, so it breaks
> if your data contains embedded ' or \.  It doesn't understand whether
> the server has standard_conforming_strings enabled or not.   What would
> it do with a parameter that is an InputStream?  If the toString code
> reads it, the driver cannot re-read it to send it to the server when
> executed.
> 
> The InputStream is perhaps an unusual case, so I wouldn't be opposed if
> someone wanted to make the simple cases work better, but it's not
> something I'm particularly excited about.
> 
> Kris Jurka



Attachment: V2Query.java.diff
Description: text/x-patch (2.2 KB)
Attachment: SimpleQuery.java.diff
Description: text/x-patch (1.9 KB)
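
The escaping question discussed in this message, as an added example that is not part of the original e-mail, the attached patches or the pgjdbc driver: it renders the same Java string as a PostgreSQL literal for each `standard_conforming_strings` setting and in the `E'...'` form, which processes backslash escapes regardless of that setting. The class and method names (`LiteralRendering`, `literal`, `escapeLiteral`) and the sample values are hypothetical.

```java
public class LiteralRendering {

    // Hypothetical helper (not pgjdbc code): render a Java string as a plain
    // '...' literal for a session with the given standard_conforming_strings.
    static String literal(String value, boolean standardConformingStrings) {
        StringBuilder sb = new StringBuilder("'");
        for (char c : value.toCharArray()) {
            if (c == '\0') {
                // PostgreSQL text values cannot contain a NUL character.
                throw new IllegalArgumentException("NUL is not allowed in text");
            }
            if (c == '\'') {
                sb.append("''");      // quote doubling is valid in both modes
            } else if (c == '\\' && !standardConformingStrings) {
                sb.append("\\\\");    // backslash is an escape character only when the setting is off
            } else {
                sb.append(c);
            }
        }
        return sb.append('\'').toString();
    }

    // E'...' literals always process backslash escapes, so this form means the
    // same thing whichever way the server setting is configured.
    static String escapeLiteral(String value) {
        return "E" + literal(value, false);
    }

    public static void main(String[] args) {
        // Constructed sample values: the a\b case from the message, an embedded
        // apostrophe, and a trailing backslash (which would swallow the closing
        // quote if left unescaped while the setting is off).
        String[] samples = { "a\\b", "O'Brien", "C:\\tmp\\" };
        for (String s : samples) {
            System.out.println("stored characters : " + s);
            System.out.println("  setting on      : " + literal(s, true));
            System.out.println("  setting off     : " + literal(s, false));
            System.out.println("  mode-independent: " + escapeLiteral(s));
        }
    }
}
```

A rendering like this is for logging or inspection; values that will be executed should still be bound as parameters rather than spliced back into SQL text.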
