Re: Escaping strings? - Mailing list pgsql-jdbc
| From | Chris White |
|---|---|
| Subject | Re: Escaping strings? |
| Date | |
| Msg-id | NCBBIJCJEKFBDCFKEEEIMENFHGAA.cjwhite@cisco.com Whole thread Raw |
| In response to | Re: Escaping strings? (Thomas O'Dowd <tom@nooper.com>) |
| Responses |
Re: Escaping strings?
|
| List | pgsql-jdbc |
I think you also have to escape underscore(_).
-----Original Message-----
From: pgsql-jdbc-owner@postgresql.org
[mailto:pgsql-jdbc-owner@postgresql.org]On Behalf Of Thomas O'Dowd
Sent: Sunday, November 03, 2002 6:53 PM
To: Timothy Reaves
Cc: pgsql-jdbc@postgresql.org
Subject: Re: [JDBC] Escaping strings?
You need to escape \ and ' but using setString() is the most portable
way of doing it. Escape them both with \. Something like this...
StringBuffer sbuf = new StringBuffer();
for(i = 0; i < str.length(); i++)
{
char c = str.charAt(i);
if(c == '\\' || c == '\'')
sbuf.append((char)'\\');
sbuf.append(c);
}
Cheers,
Tom.
On Mon, 2002-11-04 at 11:35, Timothy Reaves wrote:
> Unfortunatly I can not do that, as the entire sql string is dynamically
> generated. Is there no parseString() or escapeString() method? If not,
> what charachers need escaping?
>
> Thanks!
>
> On 04 Nov 2002 11:14:00 +0900
> "Thomas O'Dowd" <tom@nooper.com> wrote:
>
> > Use the setString() method of PreparedStatement and it will escape
> > things for you.
> >
> > Tom.
> >
> > On Mon, 2002-11-04 at 11:06, Timothy Reaves wrote:
> > > What is the proper way to insure a text string (i.e. one read from
> > > a
> > > JTextField.getText()) is propery escaped? I assumed the JDBC driver
> > > would do this automatically, but it does not. An ' character will
> > > cause the JDBC driver to throw an exception.
> > >
> > > ---------------------------(end of
> > > broadcast)--------------------------- TIP 5: Have you checked our
> > > extensive FAQ?
> > >
> > > http://www.postgresql.org/users-lounge/docs/faq.html
> > --
> > Thomas O'Dowd, CEO, Nooper.com - Mobile Services Inc., Tokyo, Japan
> > i-mode & FOMA consulting, development, testing: http://nooper.co.jp/
> >
>
> ---------------------------(end of broadcast)---------------------------
> TIP 6: Have you searched our list archives?
>
> http://archives.postgresql.org
--
Thomas O'Dowd, CEO, Nooper.com - Mobile Services Inc., Tokyo, Japan
i-mode & FOMA consulting, development, testing: http://nooper.co.jp/
---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to majordomo@postgresql.org so that your
message can get through to the mailing list cleanly
pgsql-jdbc by date: