Kris Jurka wrote:
>> 1.) Is there a built-in method somewhere in the jdbc driver that escapes
>> strings and makes them safe to use in an SQL statement (inside a
> There is org.postgresql.core.Utils#appendEscapedString, but it's not
> something we support or advertise. It's really for internal use only.
I dislike that this method expects me to tell it whether i have
standard_conforming_strings set - this kinda defeats the "write once, run
If I replace \ with \\ and DO have standard_conforming_strings set, then
this will actually create two \ characters in my string - right? So there is
no way I can do this "safely".
>> 2.) Which characters do I need to escape for pgsql? Is ' the only one,
>> and I need to escape it as '' ? Do I need to escape \ ? Will I
>> need to
>> escape all the characters that I escaped for MySQL? Where can I find
>> out more?
> You need to escape ' and \ if you standard_conforming_strings is on.
> Monitoring this setting can be tough, so the safest thing to do is
> probably to always use the E'string' escape syntax and escape both
I haven't found anything in the documentation about how this syntax works
exactly. The documentation refers to "the E'...' syntax", but doesn't tell
me what this syntax actually is (am I supposed to already know how this
syntax works, so just need to be told to use it!?). Do I have to put the E
in front of the beginning ', i.e.
becomes E'foo' ? (that can't be right, there must be some way I escape '
inside the string). So does 'foo' become
or what? How do I represent the literal string
Thanks in advance,
In response to
pgsql-jdbc by date
|Next:||From: Kris Jurka||Date: 2007-01-28 02:18:31|
|Subject: Re: escape string for pgsql (using jdbc/java)?|
|Previous:||From: Kris Jurka||Date: 2007-01-27 04:57:59|
|Subject: Re: Synthesize support for Statement.getGeneratedKeys()?|