| From: | David Nedrow <dnedrow(at)mac(dot)com> |
|---|---|
| To: | pgsql-jdbc(at)postgresql(dot)org |
| Subject: | String escaping? |
| Date: | 2006-12-13 17:09:33 |
| Message-ID: | 50899926-5B68-42EC-B126-75EBC7E38BF4@mac.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-jdbc |
Are there any build-in JDK or JDBC (Sun or Postgresql driver)
functions for escaping strings before inserting/updating in the DB?
Eg., I'm using the following PreparedStatement...
addNickname = con.prepareStatement("insert into infobot.nicknames
(nickname, firstseen) values (?, to_timestamp(?))");
When providing the value via addNickname.setString(1, this.getString
()), is there some way for me to be sure that the contents of the
string I'm feeding to setString() are properly formed/escaped.
I'm basically looking for the Java equivalent of PHP's
pg_escape_string() function...
http://www.php.net/manual/en/function.pg-escape-string.php
I was hoping to avoid writing my own escape method, but may have to
as I have yet to find anything "off the shelf".
Any suggestions would be appreciated,
-David
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Heikki Linnakangas | 2006-12-13 17:21:17 | Re: String escaping? |
| Previous Message | Dave Cramer | 2006-12-13 13:58:36 | Re: issues with Statement.getTimestamp(int, Calendar) |