Re: I'm reading the source now... - Mailing list pgsql-jdbc

Thomas,

does this actually work?

I would have thought the select should have been

"SELECT name FROM table WHERE name ilike ?"

Dave

On Tue, 2002-04-30 at 19:25, Thomas O'Dowd wrote:
> Tony,
>
> Wonder if you could send the actual code around the query as this is
> a rather curious error. Are you actually using the setString() method
> of the PreparedStatement to set up the string? If so what does your
> prepared statement template look like? It should be something like...
>
>    "SELECT name FROM table WHERE name ilike %"
>
> And then the string that you set in the query should be setup using
> something like...
>
>    ps.setString(1, varname + "%");   // maybe add the percent for ilike?
>                                      // don't add it in the PS template.
>
> If you print varname, before setting it, it should be just "N'"...
>
> Try printing the prepared statement also before executing it. You can
> just us System.out.println(ps.toString()); The result should be something
> like this...
>
>    "SELECT name FROM table WHERE name ilike 'N\'%'"
>
> Tom.
>
> On Tue, Apr 30, 2002 at 04:21:51PM -0400, Dave Cramer wrote:
> > Tony,
> >
> > Actually reading the spec myself, there's nothing the driver can do with
> > N' as a query if it is just through a Statement.executeQuery,
> > if however it is through a PreparedStatment.setString, then it can be
> > dealt with
> >
> > I think you need to catch the input before hand and escape it
> >
> > Dave
> > On Tue, 2002-04-30 at 15:29, tony wrote:
> > > On Tue, 2002-04-30 at 20:53, Dave Cramer wrote:
> > >
> > > > What would be helpful here is a test case which exhibits the error;
> > > > otherwise it's kind of like looking for a needle in a haystack.
> > >
> > > http://mail.animaproductions.com/f3c
> > >
> > > look for  N'  in the first search box. It should bring up a famous
> > > african director.
> > >
> > > When I wrote the original version of the Ultradev web page I had built a
> > > flat text perl "database" app. for a client. I then rewrote everything
> > > in JSP. At that time when I did a select from the database I could use
> > > single quotes in queries with no code other than the code generated by
> > > Ultradev.
> > >
> > > I remember that distinctly because my client asked me for accents and
> > > single quotes in queries. I used to_ascii() in the select statements and
> > > it just worked.
> > >
> > > All was well until I noticed that this was no longer the case after I
> > > upgraded my server after my hardware adventures of last summer...
> > >
> > > I moved to postgres 7.0 and Tomcat 3.2.
> > >
> > > §§§§§§§§§§§§§§§§§§§
> > > All is well.
> > >
> > > I have now written the methods into the pages. I'll stop bugging
> > > everyone on this thing. At least it got me real deep into understanding
> > > Java. But from my interpretation of the docs at Sun escapeSQL is
> > > something that one finds in preparedStatement in the JDBC driver. I am
> > > probably wrong.
> > >
> > > Cheers
> > >
> > > Tony Grant
> > >
> > >
> > >
> > > --
> > > RedHat Linux on Sony Vaio C1XD/S
> > > http://www.animaproductions.com/linux2.html
> > > Macromedia UltraDev with PostgreSQL
> > > http://www.animaproductions.com/ultra.html
> > >
> > >
> > > ---------------------------(end of broadcast)---------------------------
> > > TIP 2: you can get off all lists at once with the unregister command
> > >     (send "unregister YourEmailAddressHere" to majordomo@postgresql.org)
> > >
> > >
> >
> >
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 6: Have you searched our list archives?
> >
> > http://archives.postgresql.org
>
> --
> Thomas O'Dowd. - Nooping - http://nooper.com
> tom@nooper.com - Testing - http://nooper.co.jp/labs
>
> ---------------------------(end of broadcast)---------------------------
> TIP 2: you can get off all lists at once with the unregister command
>     (send "unregister YourEmailAddressHere" to majordomo@postgresql.org)
>
>