Re: Using SELECT IN with prepared statement

From: Guillaume Cottenceau <gc(at)mnc(dot)ch>
To: pgsql-jdbc(at)postgresql(dot)org
Subject: Re: Using SELECT IN with prepared statement
Date: 2008-11-11 16:16:56
Message-ID: 87abc6ck5j.fsf@mnc.ch
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-jdbc

Ingmar Lötzsch <iloetzsch 'at' asci-systemhaus.de> writes:

> Of course you can concatenate the values like
>
> String idlist = "1, 2";
> String sql = "SELECT" + ... + "WHERE id IN (" + idlist + ")";
>
> and execute the statement. But there is no parameter.

...which is not too good, as the driver escapes/sanitizes input
much better than us (e.g. using parameters is *good*). Hence
personally, from JDBC, I like this workaround:

SELECT * FROM pg_language WHERE lanname = ANY( string_to_array(?, ',') );

See:

http://zarb.org/~gc/html/doc-misc.html#2008-08-21

--
Guillaume Cottenceau

In response to

Responses

Browse pgsql-jdbc by date

  From Date Subject
Next Message Ingmar Lötzsch 2008-11-11 16:33:29 Re: Using SELECT IN with prepared statement
Previous Message Ingmar Lötzsch 2008-11-11 15:48:48 Re: Using SELECT IN with prepared statement