At 15:32 06.06.2002 -0400, Ben Sandee wrote:
>We're definitely not connecting here, for some reason. I think we're
>talking about two different scenarios -- but just to make sure.... This
>code works fine on every database server I've ever had to support
>(Oracle***, Sybase ASE and ASA):
>
>Create a file ("testfile.txt") with the following text (verbatim):
>hello "john" I'm Kevin, we're friends "you and I"
>
>String stringValue;
>
>BufferedReader br = new BufferedReader(new FileReader(new File("testfile.txt")));
>try
>{
> stringValue = br.readLine();
>}
>finally
>{
> br.close();
>}
>
>PreparedStatement st = conn.prepareStatement("INSERT INTO TestTable(StringCol) VALUES (?)");
>try
>{
> st.setString(1, stringValue);
> st.executeUpdate();
>}
>finally
>{
> st.close();
>}
>
>Nowhere in there was I forced to escape anything. I agree with you that
>if you aren't using PreparedStatements, constructing an algorithm to
>safely, generically escape arbitrary strings for inclusion directly into a
>SQL is a non-trivial, possibly impossible task. It's really something
>that *should* be part of the JDBC API.
Hmm,
Have you seen
http://developer.java.sun.com/developer/onlineTraining/Programming/JDCBook/jdbc.html
?
(more particularly the section entitled "Escaping Characters")
>Ben
--
Ceki
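
Added example, not code from either message in this thread: the quoted test line inserted once by string concatenation and once as a bound parameter. It assumes Python's standard `sqlite3` module with an in-memory database in place of the JDBC drivers discussed above, so it runs without a server; the table and column names are taken from the quoted snippet.

```python
import sqlite3

# The test line from the quoted message, verbatim (it contains both
# double quotes and apostrophes).
LINE = 'hello "john" I\'m Kevin, we\'re friends "you and I"'


def insert_concatenated(conn, value):
    """Build the statement text by concatenation, with no escaping."""
    sql = "INSERT INTO TestTable(StringCol) VALUES ('" + value + "')"
    try:
        conn.execute(sql)
        return None
    except sqlite3.Error as exc:
        # The first apostrophe in the value closes the SQL literal early,
        # so the rest of the line is parsed as SQL and rejected.
        return exc


def insert_bound(conn, value):
    """Pass the value as a bound parameter; the SQL text stays constant."""
    conn.execute("INSERT INTO TestTable(StringCol) VALUES (?)", (value,))


def demo():
    """Run both inserts and return (concatenation error, stored rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE TestTable(StringCol TEXT)")
    error = insert_concatenated(conn, LINE)
    insert_bound(conn, LINE)
    rows = [r[0] for r in conn.execute("SELECT StringCol FROM TestTable")]
    conn.close()
    return error, rows


if __name__ == "__main__":
    err, stored = demo()
    print("concatenated insert failed with:", err)
    print("bound insert stored:", stored)
```

The only row in the table is the one written through the placeholder, and it reads back byte-for-byte identical to the input.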