Guillaume Cottenceau schrieb:
> Ingmar Lötzsch <iloetzsch 'at' asci-systemhaus.de> writes:
>
>> Of course you can concatenate the values like
>>
>> String idlist = "1, 2";
>> String sql = "SELECT" + ... + "WHERE id IN (" + idlist + ")";
>>
>> and execute the statement. But there is no parameter.
>
> ...which is not too good, as the driver escapes/sanitizes input
> much better than us (e.g. using parameters is *good*). Hence
> personally, from JDBC, I like this workaround:
>
> SELECT * FROM pg_language WHERE lanname = ANY( string_to_array(?, ',') );
Yes, I tried this too. You have to implement the conversion
Collection<Integer> -> String. Why not inside an Array?
And if you are using int/bigint for identifiers, there is no need to
escape or sanitize these strings.
> See:
>
> http://zarb.org/~gc/html/doc-misc.html#2008-08-21