At 16:01 06.06.2002 -0400, you wrote:
>Ceki Gülcü wrote:
>
>>>Nowhere in there was I forced to escape anything. I agree with you that
>>>if you aren't using preparedstatements, constructing an algorithm to
>>>safely, generically escape arbitrary strings for inclusion directly into
>>>a SQL is a non-trivial, possibly impossible task. It's really something
>>>that *should* be part of the JDBC API.
>>
>>Hmm,
>>
>>Have you seen
>>http://developer.java.sun.com/developer/onlineTraining/Programming/JDCBook/jdbc.html
>>?
>>
>>(more particularly the section entitled "Escaping Characters")
>
>Thanks for the heads-up Ceki -- I stand corrected! So, can the original
>problem be solved by creative use of this escape keyword/extension? The
>page also points out: "However, if you use a |PreparedStatement| instead
>of a simple |Statement|, most of these escape problems go away." So many
>hammers, so few nails. :-)

The escape problem is something we are frequently confronted with. See for example org.apache.log4j.helpers.Transform which is used in XMLLayout and also HTMLLayout. It's a common problem and once you solve it once or twice its novelty goes away. I'd rather not worry about escaping problems and delegate the work to PreparedStatements which have several other advantages that have been discussed on log4j-dev@.

--
Ceki

SUICIDE BOMBING - A CRIME AGAINST HUMANITY
Sign the petition: http://www.petitiononline.com/1234567b
I am signatory number 22106. What is your number?
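Added example, not part of the original thread and not log4j's own code: the same log message written once by splicing it into the SQL text and once through a PreparedStatement, which is the delegation the message above describes. The class name, the LOGS table and its columns are hypothetical, and the JDBC URL in `args[0]` is assumed to point at a scratch database whose driver is on the classpath.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class LogInsertDemo {
    // Constructed sample log message; its quotes end a concatenated SQL literal early.
    static final String MESSAGE = "Can't open file 'app.cfg'; retrying";

    // Fragile form: the message becomes part of the SQL text, so its quotes are parsed as SQL.
    static void insertConcatenated(Connection c, String level, String msg) throws SQLException {
        try (Statement s = c.createStatement()) {
            s.executeUpdate("INSERT INTO LOGS (LOG_LEVEL, MSG) VALUES ('" + level + "', '" + msg + "')");
        }
    }

    // Bound form: the SQL text is fixed and the driver carries the values as data, unescaped.
    static void insertPrepared(Connection c, String level, String msg) throws SQLException {
        String sql = "INSERT INTO LOGS (LOG_LEVEL, MSG) VALUES (?, ?)";
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, level);
            ps.setString(2, msg);
            ps.executeUpdate();
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: args[0] is a JDBC URL for an empty scratch database.
        try (Connection c = DriverManager.getConnection(args[0]);
             Statement s = c.createStatement()) {
            s.executeUpdate("CREATE TABLE LOGS (LOG_LEVEL VARCHAR(10), MSG VARCHAR(255))");
            try {
                insertConcatenated(c, "ERROR", MESSAGE);
                System.out.println("concatenated insert: accepted");
            } catch (SQLException e) {
                System.out.println("concatenated insert: rejected: " + e.getMessage());
            }
            insertPrepared(c, "ERROR", MESSAGE);
            try (ResultSet rs = s.executeQuery("SELECT MSG FROM LOGS")) {
                while (rs.next()) {
                    System.out.println("stored: " + rs.getString(1));
                }
            }
        }
    }
}
```

With the sample message the concatenated statement is malformed SQL and the database rejects it, while the prepared insert stores the text byte for byte, quotes included.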
