Hi Jean-Philippe,

as some have reported, using PreparedStatements in the way we were doing before - i.e. creating them for each execution - has serious performance drawbacks. I haven't verified that, but it does make a lot of sense.

For the problem you're describing, wouldn't it be enough to escape the ' characters inside Strings?

On 19.08.2002 17:09:22, Jean-Philippe Courson <[EMAIL PROTECTED]> wrote:
>Hi,
>
>A lot of SQL requests into J2EEStore are made using java.sql.Statement and ' into them as string delimiter.
>
>Using URIs with special characters can easily lead to SQL errors if they are containing for example ' character.
>
>Would not it be a better idea to use java.sql.PreparedStatement instead to avoid all these problems ?
>
>Any opinion on this ?

--
Christopher Lenz
/=/ cmlenz at gmx.de
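The two concerns raised in this thread, shown together as an added example that is not part of the original messages or of J2EEStore's code: the statement is prepared once per connection and reused, and the URI is passed as a bound parameter. The class name `UriLookup`, the table `objects`, its columns `uri` and `classname`, and the sample URI are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

// Added illustration. Table "objects" and columns "uri", "classname" are
// hypothetical, not J2EEStore's actual schema.
public class UriLookup implements AutoCloseable {
    private final PreparedStatement byUri;

    // Prepare once per connection; every lookup reuses the same statement,
    // so the preparation cost is not paid on each execution.
    // One instance belongs to one connection and is not shared across threads.
    public UriLookup(Connection con) throws SQLException {
        this.byUri = con.prepareStatement(
            "SELECT classname FROM objects WHERE uri = ?");
    }

    // The URI travels as a bound parameter, so a ' inside it is data and
    // never becomes part of the SQL text.
    public String classNameFor(String uri) throws SQLException {
        byUri.setString(1, uri);
        try (ResultSet rs = byUri.executeQuery()) {
            return rs.next() ? rs.getString(1) : null;
        }
    }

    // For comparison only: the concatenated java.sql.Statement form described
    // in the thread. A ' in the URI ends the string literal early.
    static String concatenatedSql(String uri) {
        return "SELECT classname FROM objects WHERE uri = '" + uri + "'";
    }

    @Override
    public void close() throws SQLException {
        byUri.close();
    }

    public static void main(String[] args) {
        // Constructed sample URI containing the delimiter character.
        // Prints a statement with an unbalanced quote, which the database
        // would reject with a syntax error.
        System.out.println(concatenatedSql("/files/O'Reilly.txt"));
    }
}
```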
