Hmmmm....
That's an interesting problem. I will have to check to see if we are
vulnerable to that example.
On the upside, if you use a prepared statement you won't have to do
anything; the string will be quoted for you.
Dave
-----Original Message-----
From: pgsql-jdbc-owner@postgresql.org
[mailto:pgsql-jdbc-owner@postgresql.org] On Behalf Of tomcat@meinsenf.at
Sent: November 7, 2001 6:31 PM
To: pgsql-jdbc@postgresql.org
Subject: [JDBC] missing quote_string - function
Hi,
I'm new to postgresql (used MySQL before)!
I'm looking for a function to quote a query-string!
There's a function in MySQL (e.g. in PHP:
http://www.php.net/manual/en/function.mysql-escape-string.php) - is there
nothing in postgresql's JDBC???
thanks
michi
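
Added example, not part of the original thread and not code from the PostgreSQL JDBC project: the prepared-statement approach mentioned in the reply, with values containing quote characters bound as parameters instead of being escaped by hand. Assumptions: the PostgreSQL JDBC driver is on the classpath, the JDBC URL, user and password are given as command-line arguments, and the table name `people` and the sample names are constructed for illustration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class QuoteDemo {
    public static void main(String[] args) throws SQLException {
        // Assumption: args are <jdbc-url> <user> <password>,
        // e.g. jdbc:postgresql://localhost/test
        try (Connection con = DriverManager.getConnection(args[0], args[1], args[2])) {
            try (Statement st = con.createStatement()) {
                // Temporary table (hypothetical name), gone when the session ends.
                st.execute("CREATE TEMP TABLE people (name text)");
            }

            // Constructed sample inputs containing quote characters.
            String[] names = { "O'Reilly", "x' OR 'x'='x" };

            // The SQL text is fixed; values are bound and never spliced into it.
            try (PreparedStatement ins =
                     con.prepareStatement("INSERT INTO people (name) VALUES (?)")) {
                for (String n : names) {
                    ins.setString(1, n);
                    ins.executeUpdate();
                }
            }

            try (PreparedStatement sel =
                     con.prepareStatement("SELECT count(*) FROM people WHERE name = ?")) {
                for (String n : names) {
                    sel.setString(1, n);
                    try (ResultSet rs = sel.executeQuery()) {
                        rs.next();
                        // The bound value is compared as one literal string.
                        System.out.println(n + " -> " + rs.getInt(1) + " row(s)");
                    }
                }
            }
        }
    }
}
```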