
Re: Using SELECT IN with prepared statement

From: Guillaume Cottenceau <gc(at)mnc(dot)ch>
To: pgsql-jdbc(at)postgresql(dot)org
Subject: Re: Using SELECT IN with prepared statement
Date: 2008-11-11 16:16:56
Message-ID: 87abc6ck5j.fsf@mnc.ch
Lists: pgsql-jdbc
Ingmar Lötzsch <iloetzsch 'at' asci-systemhaus.de> writes:

> Of course you can concatenate the values like
>
> String idlist = "1, 2";
> String sql = "SELECT" + ... + "WHERE id IN (" + idlist + ")";
>
> and execute the statement. But there is no parameter.

...which is not too good, as the driver escapes/sanitizes input
much better than us (e.g. using parameters is *good*). Hence
personally, from JDBC, I like this workaround:

SELECT * FROM pg_language WHERE lanname = ANY( string_to_array(?, ',') );

See:

http://zarb.org/~gc/html/doc-misc.html#2008-08-21

-- 
Guillaume Cottenceau
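
The workaround above from JDBC, as an added example that is not part of the original message: it binds the whole list as one parameter for string_to_array, and also shows a second variant that binds a java.sql.Array, which the message does not mention. The class name InListParam, the sample values, and the JDBC URL passed as the first argument are assumptions.

```java
import java.sql.*;
import java.util.*;

public class InListParam {
    // The workaround from the message: one text parameter, split server-side.
    // string_to_array returns text[]; for an integer column, cast the result to int[].
    static final String SQL_SPLIT =
        "SELECT lanname FROM pg_language WHERE lanname = ANY(string_to_array(?, ','))";
    // Alternative (not in the message): bind a real array, so no delimiter is involved.
    static final String SQL_ARRAY =
        "SELECT lanname FROM pg_language WHERE lanname = ANY(?)";

    // A value containing the delimiter would be split into two elements
    // server-side and silently widen the match, so refuse it here.
    static String joinForSplit(List<String> values) {
        for (String v : values)
            if (v == null || v.contains(","))
                throw new IllegalArgumentException("null or contains ',': " + v);
        return String.join(",", values);
    }

    static List<String> run(PreparedStatement ps) throws SQLException {
        List<String> out = new ArrayList<>();
        try (ResultSet rs = ps.executeQuery()) {
            while (rs.next()) out.add(rs.getString(1));
        }
        return out;
    }

    public static void main(String[] args) throws SQLException {
        // Constructed input: the quote in the second value would end a
        // concatenated string literal early; as a parameter it is only data.
        List<String> wanted = Arrays.asList("sql", "it's");
        String joined = joinForSplit(wanted);
        if (args.length == 0) { // no JDBC URL given: show what would be sent
            System.out.println(SQL_SPLIT + "  -- ?1 = " + joined);
            return;
        }
        try (Connection c = DriverManager.getConnection(args[0]);
             PreparedStatement split = c.prepareStatement(SQL_SPLIT);
             PreparedStatement array = c.prepareStatement(SQL_ARRAY)) {
            split.setString(1, joined);
            array.setArray(1, c.createArrayOf("text", wanted.toArray()));
            System.out.println("string_to_array: " + run(split));
            System.out.println("array parameter: " + run(array));
        }
    }
}
```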
