On Sun, 9 Dec 2001, Jason van Zyl wrote:

> Date: Sun, 09 Dec 2001 22:09:05 -0500
> From: Jason van Zyl <[EMAIL PROTECTED]>
> Reply-To: Jakarta Commons Developers List <[EMAIL PROTECTED]>
> To: Jakarta Commons Developers List <[EMAIL PROTECTED]>
> Subject: Re: Possible addition to StringUtils
>
> On 12/9/01 9:14 PM, "Chad Johnson" <[EMAIL PROTECTED]> wrote:
>
> > Hey,
> > Just wondering if a method that escapes single and double quotes, and
> > other potential SQL query breaking characters has been considered for
> > addition to the StringUtils class?
>
> Probably not. I'd say that's a little specific and the quoting schemes are
> sometimes different for different databases. This type of string
> manipulation that's database specific should probably be handled in your
> persistence mechanism. In Torque (http://jakarta.apache.org/turbine/torque)
> the behaviour of a particular database is modeled in an individual class,
> quoting is handled here.
>

I've never had a problem with quote escaping since I went to using
PreparedStatements for *all* database accesses (even if you're not going
to reuse the PreparedStatement more than once).  It's a much simpler
programming approach.

This also deals with all the weirdness of representing dates, times, and
so on in a database-independent manner.  Of course, no solution is perfect
-- you still have database-specific things for arcane join syntax and the
like, but prepared statements for all calls covers 90-95% of the issues.

Craig
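
The approach described in the reply above, sketched with JDBC as an added example that is not part of the original thread: values containing quotes, and a date, are bound as parameters instead of being escaped into the SQL text. The H2 in-memory URL, the employee table, the class and method names, and the sample values are assumptions constructed for illustration.

```java
import java.sql.Connection;
import java.sql.Date;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.time.LocalDate;

public class PreparedStatementDemo {
    // Assumption: an in-memory H2 database with its driver on the classpath.
    // Any other JDBC URL works; the statements below do not change.
    private static final String JDBC_URL = "jdbc:h2:mem:demo";

    /** Inserts one row; name and hire date travel as bound values, never as SQL text. */
    static void insertEmployee(Connection conn, String name, LocalDate hired) throws SQLException {
        String sql = "INSERT INTO employee (name, hired) VALUES (?, ?)";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, name);              // quotes in the name need no escaping
            ps.setDate(2, Date.valueOf(hired)); // no database-specific date literal
            ps.executeUpdate();
        }
    }

    /** Counts rows whose name equals the given value exactly. */
    static int countByName(Connection conn, String name) throws SQLException {
        String sql = "SELECT COUNT(*) FROM employee WHERE name = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        try (Connection conn = DriverManager.getConnection(JDBC_URL);
             Statement ddl = conn.createStatement()) {
            ddl.execute("CREATE TABLE employee (name VARCHAR(100), hired DATE)");
            // Constructed sample values containing single and double quotes.
            insertEmployee(conn, "Miles O'Brien", LocalDate.of(2001, 12, 9));
            insertEmployee(conn, "Pat \"PJ\" Jones", LocalDate.of(2001, 12, 10));
            System.out.println(countByName(conn, "Miles O'Brien"));
            // A value shaped like SQL is compared as a plain string, not parsed as a query.
            System.out.println(countByName(conn, "x' OR '1'='1"));
        }
    }
}
```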


