Michael Enke wrote:
> The PreparedStatement.toString() returns the query,
> replaced with available parameter, but string constants are not enclosed
> in apostrophes:
>
> 74: select * from a where a='a'
> 83: select * from a where a=a
>
> The 74 version put this into apostrophes if setString was used.
> If setInt was used, no apostrophes were output.
>
We've never claimed that the output of PreparedStatement.toString would
produce valid SQL. There are certainly other problems with it than just
missing apostrophes. It currently doesn't escape values, so it breaks
if your data contains embedded ' or \. It doesn't understand whether
the server has standard_conforming_strings enabled or not. What would
it to do with a parameter that is an InputStream? If the toString code
reads it, the driver cannot re-read it to send it to the server when
executed.
The InputStream is perhaps an unusual case, so I wouldn't be opposed if
someone wanted to make the simple cases work better, but it's not
something I'm particularly excited about.
Kris Jurka
