Home > mailing lists

Re: Prepared Statements - Mailing list pgsql-jdbc

From	Csaba Nagy
Subject	Re: Prepared Statements
Date	July 18, 2003 15:32:23
Msg-id	1058542355.24801.309.camel@coppola.ecircle.de Whole thread Raw
In response to	Re: Prepared Statements (Fernando Nasser <fnasser@redhat.com>)
Responses	Re: Prepared Statements (Felipe Schnack <felipes@ritterdosreis.br>)
List	pgsql-jdbc

Tree view

>
> Well, I guess the bug will have be fixed asap as it is a security risk.
>
> What is the proper JDBC way for filling IN lists in prepared statements?
>

I'm no JDBC expert, but the way we do it: create a prepared statement
with 100 (or whatever the max nr. of accepted params is) parameter
placeholders, and set the ones which are actually needed to their
parameter values, and set the rest to null.
The nulls will be finally ignored by the database.
Not the best solution, but it works just fine for us.

Cheers,
Csaba.

pgsql-jdbc by date:

From: Fernando Nasser
Date: 18 July 2003, 15:24:56
Subject: Re: Prepared Statements

From: Dmitry Tkach
Date: 18 July 2003, 15:40:12
Subject: Re: Prepared Statements

Re: Prepared Statements - Mailing list pgsql-jdbc

Previous

Next