Ceki G�lc� wrote: >> >> Nowhere in there was I forced to escape anything. I agree with you >> that if you aren't using preparedstatements, constructing an >> algorithm to safely, generically escape arbitrary strings for >> inclusion directly into a SQL is a non-trivial, possibly impossible >> task. It's really something that *should* be part of the JDBC API. > > > Hmm, > > Have you seen > http://developer.java.sun.com/developer/onlineTraining/Programming/JDCBook/jdbc.html > ? > > (more particularly the section entitled "Escaping Characters") > Thanks for the heads-up Ceki -- I stand corrected! So, can the original problem be solved by creative use of this escape keyword/extension? The page also points out: "However, if you use a |PreparedStatement| instead of a simple |Statement|, most of these escape problems go away." So many hammers, so few nails. :-)
-- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
