Unfortunatly I can not do that, as the entire sql string is dynamically
generated. Is there no parseString() or escapeString() method? If not,
what charachers need escaping?
Thanks!
On 04 Nov 2002 11:14:00 +0900
"Thomas O'Dowd" <tom@nooper.com> wrote:
> Use the setString() method of PreparedStatement and it will escape
> things for you.
>
> Tom.
>
> On Mon, 2002-11-04 at 11:06, Timothy Reaves wrote:
> > What is the proper way to insure a text string (i.e. one read from
> > a
> > JTextField.getText()) is propery escaped? I assumed the JDBC driver
> > would do this automatically, but it does not. An ' character will
> > cause the JDBC driver to throw an exception.
> >
> > ---------------------------(end of
> > broadcast)--------------------------- TIP 5: Have you checked our
> > extensive FAQ?
> >
> > http://www.postgresql.org/users-lounge/docs/faq.html
> --
> Thomas O'Dowd, CEO, Nooper.com - Mobile Services Inc., Tokyo, Japan
> i-mode & FOMA consulting, development, testing: http://nooper.co.jp/
>
