Home > mailing lists

Re: Using SELECT IN with prepared statement - Mailing list pgsql-jdbc

From	Ingmar Lötzsch
Subject	Re: Using SELECT IN with prepared statement
Date	November 11, 2008 15:33:44
Msg-id	4919B3D9.50205@asci-systemhaus.de Whole thread Raw
In response to	Re: Using SELECT IN with prepared statement (Guillaume Cottenceau <gc@mnc.ch>)
List	pgsql-jdbc

Tree view

Guillaume Cottenceau schrieb:
> Ingmar Lötzsch <iloetzsch 'at' asci-systemhaus.de> writes:
>
>> Of course you can concatenate the values like
>>
>> String idlist = "1, 2";
>> String sql = "SELECT" + ... + "WHERE id IN (" + idlist + ")";
>>
>> and execute the statement. But there is no parameter.
>
> ...which is not too good, as the driver escapes/sanitizes input
> much better than us (e.g. using parameters is *good*). Hence
> personally, from JDBC, I like this workaround:
>
> SELECT * FROM pg_language WHERE lanname = ANY( string_to_array(?, ',') );

Yes, I tried this too. You have to implement the conversion
Collection<Integer> -> String. Why not inside an Array?

And if you are using int/bigint for identifiers, there is no need to
escape or sanitize these strings.

> See:
>
> http://zarb.org/~gc/html/doc-misc.html#2008-08-21

pgsql-jdbc by date:

From: Guillaume Cottenceau
Date: 11 November 2008, 15:17:04
Subject: Re: Using SELECT IN with prepared statement

From: Tiago Alves
Date: 11 November 2008, 17:21:22
Subject: Re: Using SELECT IN with prepared statement

Re: Using SELECT IN with prepared statement - Mailing list pgsql-jdbc

Previous

Next