Re: How does postgres handle non literal string values - Mailing list pgsql-sql

From Vernon Wu
Subject Re: How does postgres handle non literal string values
Date
Msg-id GCKH616ZVUXTE0SQ1YLK5Z4YYVVSQLSM.3dee375b@kimiko
Whole thread Raw
In response to Re: How does postgres handle non literal string values  ("Charles H. Woloszynski" <chw@clearmetrix.com>)
List pgsql-sql
When the MVC pattern is employed and EJB is absented, the DAO pattern shall be utilized. With this system design, the 
DB routines are isolated from the rest of system for the purpose of "robust" as you mentioned. In the future, you only

need to write another set of DAO implemention if you decide to use another DB, say SAP DB for example. 

A DB connection pool also is desired, which shall take care of the JDBC driver look up.  

12/4/2002 5:00:18 AM, "Charles H. Woloszynski" <chw@clearmetrix.com> wrote:

>Vernon:
>
>Agreed.  We use Struts (as our MVC framework), and then a data access 
>layer (we call persistables) that uses the PreparedStatements. Our JSPs 
>only get data to render *after* the business logic has decided that all 
>logic has been performed successfully.
>
>The end-result is easily compartmentalized code (lots of code factoring) 
>that makes for very robust applications.  We are working on moving this 
>framework to PostgreSQL (from Oracle) and we expect to have to touch the 
>SQL statements (which are each in their own class, again for re-use) and 
>perhaps two or three other classes to deal with any JDBC driver issues. 
>  When we make the transition successfully, I hope to be able to 
>publicize the work and the value of PostgreSQL.
>
>Charlie
>
>Vernon Wu wrote:
>
>>In general, it isn't a good idea to have SQL statements in JSP files. A good practise is using Mode 2. The Struts is
a
 
>>popular Mode 2 framework. If your application is very small and it won't grow into a big one, you can get around 
using 
>>Mode 1. In the situation, the SQL tags of JSTL will be a recommeded mechanism.
>>
>>11/26/2002 8:05:27 AM, "Charles H. Woloszynski" <chw@clearmetrix.com> wrote:
>>
>>  
>>
>>>Actually, we use JDBC Prepared Statements for this type of work.  You 
>>>put a query with '?' in as placeholders and then add in the values and 
>>>the library takes care of the encoding issues.  This avoids the double 
>>>encoding of (encode X as String, decode string and encode as SQL X on 
>>>the line).  There was a good article about a framework that did this in  
>>>JavaReport about a 18 months ago.  
>>>
>>>We have gleaned some ideas from that article to create a framework 
>>>around using PreparedStatements as the primary interface to the 
>>>database.  I'd suggest looking at them.  They really make your code much 
>>>more robust.
>>>
>>>Charlie
>>>
>>>
>>>    
>>>
>>>>"')..."
>>>>
>>>>You *will* want to escape the username and password otherwise I'll be able to 
>>>>come along and insert any values I like into your database. I can't believe 
>>>>the JDBC classes don't provide 
>>>>
>>>>1. Some way to escape value strings
>>>>2. Some form of placeholders to deal with this
>>>>
>>>> 
>>>>
>>>>      
>>>>
>>>-- 
>>>
>>>
>>>Charles H. Woloszynski
>>>
>>>ClearMetrix, Inc.
>>>115 Research Drive
>>>Bethlehem, PA 18015
>>>
>>>tel: 610-419-2210 x400
>>>fax: 240-371-3256
>>>web: www.clearmetrix.com
>>>
>>>
>>>
>>>
>>>
>>>---------------------------(end of broadcast)---------------------------
>>>TIP 5: Have you checked our extensive FAQ?
>>>
>>>http://www.postgresql.org/users-lounge/docs/faq.html
>>>
>>>    
>>>
>>
>>
>>
>>
>>---------------------------(end of broadcast)---------------------------
>>TIP 6: Have you searched our list archives?
>>
>>http://archives.postgresql.org
>>  
>>
>
>-- 
>
>
>Charles H. Woloszynski
>
>ClearMetrix, Inc.
>115 Research Drive
>Bethlehem, PA 18015
>
>tel: 610-419-2210 x400
>fax: 240-371-3256
>web: www.clearmetrix.com
>
>
>
>
>
>---------------------------(end of broadcast)---------------------------
>TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org
>





pgsql-sql by date:

Previous
From: "Alphasoft"
Date:
Subject: Problem with view in PostgreSQl 7.3
Next
From: javier garcia
Date:
Subject: Query about table and catalog