Home > mailing lists

Re: Control characters in sql statements close db connection - Mailing list pgsql-jdbc

From	Tom Lane
Subject	Re: Control characters in sql statements close db connection
Date	January 17, 2003 16:38:02
Msg-id	13552.1042827932@sss.pgh.pa.us Whole thread Raw
In response to	Re: Control characters in sql statements close db connection (Barry Lind <blind@xythos.com>)
Responses	Re: Control characters in sql statements close db connection (Barry Lind <blind@xythos.com>)
List	pgsql-jdbc

Tree view

Barry Lind <blind@xythos.com> writes:
> Yes I would say this is expected behavior.  If you use the regular
> Statement object it is your responsibility to properly quote and escape
> the data.  However if you use a PreparedStatement then the driver
> handles it for you.

> So you would issue the following via a PreparedStatement:
> SELECT * FROM NEB_IPSNMPDEVICES WHERE NEB_IPSNMPDevices.PHY_ADDRESS = ?
> and then do a stmt.setString(1,"'^@`^]:u'");

But there is no escape for a \0, except in the limited context of
BYTEA values.  It'd probably be better for the driver to reject 'em.

Does JDBC understand about BYTEA fields?  If so, it could generate the
correct escape when filling a parameter for a BYTEA value, and fail
otherwise.

            regards, tom lane

pgsql-jdbc by date:

From: "Joel Hock"
Date: 17 January 2003, 16:10:38
Subject: insertRow and updateable resultset

From: Barry Lind
Date: 17 January 2003, 18:51:33
Subject: Re: Control characters in sql statements close db connection

Re: Control characters in sql statements close db connection - Mailing list pgsql-jdbc

Previous

Next