yes, a prepared statement will escape any special characters (like a ' in Oracle). matt > Content-Transfer-Encoding: 7bit > X-Priority: 3 (Normal) > X-MSMail-Priority: Normal > Importance: Normal > X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 > Date: Thu, 8 Jun 2000 13:05:13 -0700 > From: Robert Nicholson <[EMAIL PROTECTED]> > Subject: Escaping inputed data before JDBC sees it. > To: [EMAIL PROTECTED] > > Will a prepared statement automatically escape it's input? > > ie. if I'm doing an insert and I use a prepared statement to do the insert > can I not worry about the contents of the data for the fields I'm inserting? > > =========================================================================== > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". > Some relevant FAQs on JSP/Servlets can be found at: > > http://java.sun.com/products/jsp/faq.html > http://www.esperanto.org.nz/jsp/jspfaq.html > http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP > http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets ==================================== Matt Houser Senior Java Developer World Wide Software Development Sun Microsystems, Inc. ------------------------------------ 500 Eldorado Boulevard, UBRM02-264 Broomfield, CO 80021 [EMAIL PROTECTED] (303) 272-9747 =========================================================================== To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". Some relevant FAQs on JSP/Servlets can be found at: http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.html http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
