From: | Ingmar Lötzsch <iloetzsch(at)asci-systemhaus(dot)de> |
---|---|
To: | pgsql-jdbc(at)postgresql(dot)org |
Subject: | Re: Using SELECT IN with prepared statement |
Date: | 2008-11-11 16:33:29 |
Message-ID: | 4919B3D9.50205@asci-systemhaus.de |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-jdbc |
Guillaume Cottenceau schrieb:
> Ingmar Lötzsch <iloetzsch 'at' asci-systemhaus.de> writes:
>
>> Of course you can concatenate the values like
>>
>> String idlist = "1, 2";
>> String sql = "SELECT" + ... + "WHERE id IN (" + idlist + ")";
>>
>> and execute the statement. But there is no parameter.
>
> ...which is not too good, as the driver escapes/sanitizes input
> much better than us (e.g. using parameters is *good*). Hence
> personally, from JDBC, I like this workaround:
>
> SELECT * FROM pg_language WHERE lanname = ANY( string_to_array(?, ',') );
Yes, I tried this too. You have to implement the conversion
Collection<Integer> -> String. Why not inside an Array?
And if you are using int/bigint for identifiers, there is no need to
escape or sanitize these strings.
From | Date | Subject | |
---|---|---|---|
Next Message | Tiago Alves | 2008-11-11 18:19:20 | Re: Using SELECT IN with prepared statement |
Previous Message | Guillaume Cottenceau | 2008-11-11 16:16:56 | Re: Using SELECT IN with prepared statement |