Are there any build-in JDK or JDBC (Sun or Postgresql driver)
functions for escaping strings before inserting/updating in the DB?
Eg., I'm using the following PreparedStatement...
addNickname = con.prepareStatement("insert into infobot.nicknames
(nickname, firstseen) values (?, to_timestamp(?))");
When providing the value via addNickname.setString(1, this.getString
()), is there some way for me to be sure that the contents of the
string I'm feeding to setString() are properly formed/escaped.
I'm basically looking for the Java equivalent of PHP's
pg_escape_string() function...
http://www.php.net/manual/en/function.pg-escape-string.php
I was hoping to avoid writing my own escape method, but may have to
as I have yet to find anything "off the shelf".
Any suggestions would be appreciated,
-David
