Kevin Steppe wrote:
<snip>
>
> try sending the following into a string column without doing any
> escaping:
> hello "john" I'm Kevin, we're friends "you and I"
>
> such as: insert into testTable (StringCol) values (hello "john" I'm
> Kevin, we're friends "you and I")
>
> To make it work you'll need a few backslashes -- plus you'll need
> quotes at either end of the value which aren't escaped, note that
> neither double nor single quotes will solve the problem in this corner
> case. Then write me an algorithm to insert backslashes in the generic
> case where some quotes don't need an escape such as:
> insert into lt (message) values ('%m')
> -- ie, the quotes shouldn't be escaped, but the whole string once
> formatted will need escapes inside
> Then I'll happily put that algorithm to use!

We're definitely not connecting here, for some reason. I think we're
talking about two different scenarios -- but just to make sure.... This
code works fine on every database server I've ever had to support
(Oracle***, Sybase ASE and ASA):

Create a file ("testfile.txt") with the following text (verbatim):

    hello "john" I'm Kevin, we're friends "you and I"

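    import java.io.BufferedReader;
    import java.io.File;
    import java.io.FileReader;
    import java.sql.PreparedStatement;

    // conn is an already-open java.sql.Connection (not shown in the post).
    String stringValue;
    BufferedReader br = new BufferedReader(new FileReader(new File("testfile.txt")));
    try
    {
        // Read the test line exactly as it appears in the file.
        stringValue = br.readLine();
    }
    finally
    {
        br.close();
    }

    // The value is bound as a parameter, so its quotes never become
    // part of the SQL text.
    PreparedStatement st = conn.prepareStatement(
        "INSERT INTO TestTable(StringCol) VALUES (?)");
    try
    {
        st.setString(1, stringValue);
        st.executeUpdate();
    }
    finally
    {
        st.close();
    }
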
Nowhere in there was I forced to escape anything. I agree with you that
if you aren't using PreparedStatements, constructing an algorithm to
safely, generically escape arbitrary strings for inclusion directly into
a SQL is a non-trivial, possibly impossible task. It's really something
that *should* be part of the JDBC API.

Ben

*** Note that this was using their server and OCI driver. Their thin
driver used to have too many bugs, some of which relate to
PreparedStatement parameter processing, if I remember correctly.