Re: Prepared Statements - Mailing list pgsql-jdbc

From Dmitry Tkach
Subject Re: Prepared Statements
Date
Msg-id 3F181511.70609@openratings.com
In response to Re: Prepared Statements  (Fernando Nasser <fnasser@redhat.com>)
Responses Re: Prepared Statements
List pgsql-jdbc
>
> Well, I guess the bug will have to be fixed asap as it is a security risk.


I am afraid, it will :-(
That's exactly why, as I told you yesterday, I tried to avoid upgrading
my driver versions too frequently - because of the 'bug fixes' like
this, that break stuff....

>
> What is the proper JDBC way for filling IN lists in prepared statements?

I am afraid, there is no standard about it :-(
Depends on the vendor...
Most of them (not postgres) support SQLData - to let you define and pass
in arbitrary types...

Some (like Informix for example... don't know about Oracle) have sets
and arrays interchangeable - so that
setObject (1, sqlArrayContainingIdsToMatch, Types.ARRAY)
can be used...

Some people are used to hacks, like one described in an earlier post -
where you create a statement with an awful lot of question marks, and
then set each member of the set separately and cross your fingers,
hoping that you have enough placeholders for your whole set...

Dima
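
The two ways of filling an IN list discussed in this message, as an added example that is not part of the original post or of the driver's code: one placeholder per element, sized to the actual list, and a single array parameter matched with `= ANY (?)`. The table `items`, its columns and the class name are hypothetical; the array variant assumes a JDBC 4.0 driver that implements `Connection.createArrayOf` and the PostgreSQL type name `int4`.

```java
import java.sql.Array;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class InListExample {
    // Builds "?, ?, ?" with exactly n markers; only markers, never values, enter the SQL text.
    static String placeholders(int n) {
        if (n < 1) throw new IllegalArgumentException("IN () is not valid SQL");
        return String.join(", ", Collections.nCopies(n, "?"));
    }

    // Variant 1: one placeholder per element, so the count always matches the list.
    static List<String> namesByIdsIn(Connection c, List<Integer> ids) throws SQLException {
        if (ids.isEmpty()) return new ArrayList<>();  // empty set matches nothing; skip the query
        String sql = "SELECT name FROM items WHERE id IN (" + placeholders(ids.size()) + ")";
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            for (int i = 0; i < ids.size(); i++) ps.setInt(i + 1, ids.get(i));
            return readNames(ps);
        }
    }

    // Variant 2: the whole set travels as one typed array parameter (assumes createArrayOf support).
    static List<String> namesByIdsAny(Connection c, List<Integer> ids) throws SQLException {
        Array arr = c.createArrayOf("int4", ids.toArray());
        try (PreparedStatement ps = c.prepareStatement("SELECT name FROM items WHERE id = ANY (?)")) {
            ps.setArray(1, arr);
            return readNames(ps);
        } finally {
            arr.free();
        }
    }

    private static List<String> readNames(PreparedStatement ps) throws SQLException {
        List<String> out = new ArrayList<>();
        try (ResultSet rs = ps.executeQuery()) {
            while (rs.next()) out.add(rs.getString(1));
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: the SQL text generated for a three-element set (no database needed).
        System.out.println("SELECT name FROM items WHERE id IN (" + placeholders(3) + ")");
    }
}
```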