Tony,
setEscapeProcessing() and escapeSQL() do not do what you think they do.
They have nothing to do with quotes and such. Their purpose is as
defined in the jdbc spec to deal with handling special Escape commands
like the following: {d '2001-10-09'} . This allows one to put a date
literal into a sql statement without knowing the specific date format a
particular RDBMS might be expecting. These special escapes are designed
to help jdbc code be more database independent. The postgres jdbc
driver does not support all of the special Escapes defined by the jdbc
spec, but according to the source code it does support:
/*
* Filter the SQL string of Java SQL Escape clauses.
*
* Currently implemented Escape clauses are those mentioned in 11.3
* in the specification. Basically we look through the sql string for
* {d xxx}, {t xxx} or {ts xxx} in non-string sql code. When we find
* them, we just strip the escape part leaving only the xxx part.
* So, something like "select * from x where d={d '2001-10-09'}" would
* return "select * from x where d= '2001-10-09'".
*/
thanks,
--Barry
tony wrote:
> Hello,
>
> Trying to figure out how to integrate
> Statement.setEscapeProcessing(true)
>
> into a JSP it came upon me that to make the JSP RDBMS independant this
> code should be in the driver. So I downloaded the source and came up
> with
>
> public boolean execute(String sql) throws SQLException
> {
> if (escapeProcessing)
> sql = escapeSQL(sql);
>
> in statement. I'm using preparedStatement which if one reads Suns doc
> correctly escape characters "automagically".
>
> Can I just use escapeSQL in my query???
>
> Cheers
>
> Tony Grant
>