Re: String escaping? - Mailing list pgsql-jdbc

From Vit Timchishin
Subject Re: String escaping?
Date
Msg-id 4581318F.4030202@gtech-ua.com
Whole thread Raw
In response to Re: String escaping?  (Markus Schaber <schabi@logix-tt.com>)
Responses Re: String escaping?
List pgsql-jdbc
Markus Schaber wrote:
> Hi, Mark,
>
> Mark Lewis <mark.lewis@mir3.com> wrote:
>
>
>>> You don't generally need to escape your strings if you're using
>>> PreparedStatements.
>>>
>>>
>> The only exception to this rule is backslashes and (when using LIKE) the
>> '%' and '_' characters.  Although if you're running 8.2 and turn the
>> standard_conforming_strings setting ON then you don't need to worry
>> about backslashes.
>>
>
> That sounds confusing.
>
> I always thought that the Strings that I set with setString() don't
> have to be escaped at all, the Driver will handle it transparently (by
> either escaping for V2 protocol, or using BIND with the appropriate
> encoding).
>
> But, of course, when I have a String Literal in the source, I need to
> add a layer of Java escaping for ", \, and some others.
>
>
I suppose you've missed the main: "you need to escape only when you are
using LIKE".


pgsql-jdbc by date:

Previous
From: Markus Schaber
Date:
Subject: Re: String escaping?
Next
From: Markus Schaber
Date:
Subject: Re: String escaping?