Re: Prepared Statements - Mailing list pgsql-jdbc

From Kim Ho
Subject Re: Prepared Statements
Date
Msg-id 1058544200.19657.119.camel@topanga.toronto.redhat.com
Whole thread Raw
In response to Re: Prepared Statements  (wsheldah@lexmark.com)
List pgsql-jdbc
Hi,

String fields are escaped (I believe this would cover CHAR, VARCHAR,
etc)

I added the single quotes when binding numbers in my patch for
registerOutParameter and that one is going to be reviewed by Dave.

Cheers,

Kim

On Fri, 2003-07-18 at 11:10, wsheldah@lexmark.com wrote:
>
> If it only skips the escaping for numeric types, the obvious workaround
> would be first put the user's entry into an int variable:
>
> int userId = getUserId();
> PreparedStatement s = c.prepareStatement ("select * from user where id
> = ?");
> s.setObject(1, userId, Types.INTEGER);
>
> That way you use java's built-in type checking to avoid sending non-numeric
> data to the backend any time you're specifying a numeric type that will
> skip the escaping.
>
> Can someone confirm that it at least does do the escaping for
> string/varchar inputs?
>
> Wes Sheldahl
>


pgsql-jdbc by date:

Previous
From: wsheldah@lexmark.com
Date:
Subject: Re: Prepared Statements
Next
From: Felipe Schnack
Date:
Subject: Re: Prepared Statements