On Fri, 26 Jan 2007, Tobias Thierer wrote:
> I was previously using MySQL and escaped strings following the document at:
> But I couldn't find a corresponding specification for pgsql.
See 188.8.131.52 String constants.
> 1.) Is there a built-in method somewhere in the jdbc driver that escapes
> strings and makes them safe to use in an SQL statement (inside a
There is org.postgresql.core.Utils#appendEscapedString, but it's not
something we support or advertise. It's really for internal use only.
> 2.) Which characters do I need to escape for pgsql? Is ' the only one,
> and I need to escape it as '' ? Do I need to escape \ ? Will I need to
> escape all the characters that I escaped for MySQL? Where can I find
> out more?
You need to escape ' and \ if you standard_conforming_strings is on.
Monitoring this setting can be tough, so the safest thing to do is
probably to always use the E'string' escape syntax and escape both
In response to
pgsql-jdbc by date
|Next:||From: Ken Johanson||Date: 2007-01-26 03:54:37|
|Subject: Re: Synthesize support for Statement.getGeneratedKeys()?|
|Previous:||From: Dave Cramer||Date: 2007-01-25 23:44:30|
|Subject: Re: escape string for pgsql (using jdbc/java)?|