Re: I'm reading the source now... - Mailing list pgsql-jdbc

From Thomas O'Dowd
Subject Re: I'm reading the source now...
Date
Msg-id 20020501082507.N14697@beast.uwillsee.com
In response to Re: I'm reading the source now...  (Dave Cramer <Dave@micro-automation.net>)
Responses Re: I'm reading the source now...  (Dave Cramer <Dave@micro-automation.net>)
Re: I'm reading the source now...  (tony <tony@animaproductions.com>)
List pgsql-jdbc
Tony,

Wonder if you could send the actual code around the query as this is
a rather curious error. Are you actually using the setString() method
of the PreparedStatement to set up the string? If so what does your
prepared statement template look like? It should be something like...

   "SELECT name FROM table WHERE name ilike ?"

And then the string that you set in the query should be set up using
something like...

   ps.setString(1, varname + "%");   // maybe add the percent for ilike?
                                     // don't add it in the PS template.

If you print varname, before setting it, it should be just "N'"...

Try printing the prepared statement also before executing it. You can
just use System.out.println(ps.toString()); The result should be something
like this...

   "SELECT name FROM table WHERE name ilike 'N\'%'"

Tom.

On Tue, Apr 30, 2002 at 04:21:51PM -0400, Dave Cramer wrote:
> Tony,
>
> Actually reading the spec myself, there's nothing the driver can do with
> N' as a query if it is just through a Statement.executeQuery,
> if however it is through a PreparedStatement.setString, then it can be
> dealt with
>
> I think you need to catch the input beforehand and escape it
>
> Dave
> On Tue, 2002-04-30 at 15:29, tony wrote:
> > On Tue, 2002-04-30 at 20:53, Dave Cramer wrote:
> >
> > > What would be helpful here is a test case which exhibits the error;
> > > otherwise it's kind of like looking for a needle in a haystack.
> >
> > http://mail.animaproductions.com/f3c
> >
> > look for  N'  in the first search box. It should bring up a famous
> > african director.
> >
> > When I wrote the original version of the Ultradev web page I had built a
> > flat text perl "database" app. for a client. I then rewrote everything
> > in JSP. At that time when I did a select from the database I could use
> > single quotes in queries with no code other than the code generated by
> > Ultradev.
> >
> > I remember that distinctly because my client asked me for accents and
> > single quotes in queries. I used to_ascii() in the select statements and
> > it just worked.
> >
> > All was well until I noticed that this was no longer the case after I
> > upgraded my server after my hardware adventures of last summer...
> >
> > I moved to postgres 7.0 and Tomcat 3.2.
> >
> > §§§§§§§§§§§§§§§§§§§
> > All is well.
> >
> > I have now written the methods into the pages. I'll stop bugging
> > everyone on this thing. At least it got me real deep into understanding
> > Java. But from my interpretation of the docs at Sun escapeSQL is
> > something that one finds in preparedStatement in the JDBC driver. I am
> > probably wrong.
> >
> > Cheers
> >
> > Tony Grant
> >
> >
> >
> > --
> > RedHat Linux on Sony Vaio C1XD/S
> > http://www.animaproductions.com/linux2.html
> > Macromedia UltraDev with PostgreSQL
> > http://www.animaproductions.com/ultra.html

--
Thomas O'Dowd. - Nooping - http://nooper.com
tom@nooper.com - Testing - http://nooper.co.jp/labs
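
As an added example (not code from this thread or from the PostgreSQL JDBC driver), the Java program below contrasts concatenating N' into a Statement.executeQuery string with binding it through PreparedStatement.setString as described above. The connection URL, credentials and the directors(name) table are assumptions, and the wildcard escaping with ESCAPE '!' goes beyond what the message covers.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class IlikePrefixSearch {

    // Escape LIKE/ILIKE wildcards in user input so they match literally.
    // '!' is the escape character declared by the ESCAPE clause below.
    static String escapeLike(String s) {
        return s.replace("!", "!!").replace("%", "!%").replace("_", "!_");
    }

    public static void main(String[] args) throws SQLException {
        // Assumed connection details and schema: directors(name text).
        String url = "jdbc:postgresql://localhost/testdb";
        String varname = "N'"; // the search term from the thread

        try (Connection con = DriverManager.getConnection(url, "testuser", "testpass")) {
            // Concatenation: the quote in varname ends the literal early,
            // so the server rejects the statement with a syntax error.
            String bad = "SELECT name FROM directors WHERE name ILIKE '" + varname + "%'";
            try (Statement st = con.createStatement()) {
                st.executeQuery(bad);
            } catch (SQLException e) {
                System.out.println("concatenated query failed: " + e.getMessage());
            }

            // Placeholder in the template; the wildcard travels with the bound value.
            String sql = "SELECT name FROM directors WHERE name ILIKE ? ESCAPE '!'";
            try (PreparedStatement ps = con.prepareStatement(sql)) {
                ps.setString(1, escapeLike(varname) + "%");
                try (ResultSet rs = ps.executeQuery()) {
                    while (rs.next()) {
                        System.out.println(rs.getString("name"));
                    }
                }
            }
        }
    }
}
```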
