Re: escape string for pgsql (using jdbc/java)?

From: Kris Jurka <books(at)ejurka(dot)com>
To: Tobias Thierer <t_thierer(at)yahoo(dot)de>
Cc: pgsql-jdbc(at)postgresql(dot)org
Subject: Re: escape string for pgsql (using jdbc/java)?
Date: 2007-01-26 00:42:00
Message-ID: Pine.BSO.4.64.0701251936550.15719@leary2.csoft.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-jdbc

On Fri, 26 Jan 2007, Tobias Thierer wrote:

> I was previously using MySQL and escaped strings following the document at:
>
> http://dev.mysql.com/doc/refman/5.0/en/string-syntax.html
>
> But I couldn't find a corresponding specification for pgsql.

http://www.postgresql.org/docs/8.2/static/sql-syntax-lexical.html

See 4.1.2.1 String constants.

> 1.) Is there a built-in method somewhere in the jdbc driver that escapes
> strings and makes them safe to use in an SQL statement (inside a
> string)?

There is org.postgresql.core.Utils#appendEscapedString, but it's not
something we support or advertise. It's really for internal use only.

> 2.) Which characters do I need to escape for pgsql? Is ' the only one,
> and I need to escape it as '' ? Do I need to escape \ ? Will I need to
> escape all the characters that I escaped for MySQL? Where can I find
> out more?

You need to escape ' and \ if you standard_conforming_strings is on.
Monitoring this setting can be tough, so the safest thing to do is
probably to always use the E'string' escape syntax and escape both
characters.

Kris Jurka

In response to

Responses

Browse pgsql-jdbc by date

  From Date Subject
Next Message Ken Johanson 2007-01-26 03:54:37 Re: Synthesize support for Statement.getGeneratedKeys()?
Previous Message Dave Cramer 2007-01-25 23:44:30 Re: escape string for pgsql (using jdbc/java)?