We have a util class to do SQL string encoding, which we would be happy to
contribute (ashok can add it to the stores).

One question: Is the cost of making prepared statements really any worse
than running every string through this?

public static String getSQLString(String theString)
{
    String temp = null;
    String temp1 = "";
    // Check for null string
    if (theString == null)
    {
        return temp;
    }
    // Change single quotes to two single quotes (standard SQL literal escaping)
    int index = 0;
    int nextIndex = 0;
    temp = theString.trim();
    if (temp.length() > 0)
    {
        if (temp.indexOf('\'') != -1)
        {
            while (nextIndex != -1)
            {
                temp1 = temp;
                index = temp.indexOf('\'', nextIndex);
                if (index != -1)
                {
                    // Insert a second quote directly in front of the one found
                    temp = temp1.substring(0, index);
                    temp += "'";
                    temp += temp1.substring(index, temp1.length());
                }
                // Resume the search just past the doubled pair. Resuming from
                // nextIndex + 2 instead re-matched the quote that was just
                // inserted and turned a single ' into ''' in the result.
                nextIndex = (index == -1) ? -1 : temp.indexOf('\'', index + 2);
            }
        }
    }
    // Wrap the escaped value in the delimiting quotes
    String retVal = "'" + temp + "'";
    return retVal;
}


rgds
CB
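
The three approaches this thread compares, as an added example that is not part of the thread or of the Slide code base. It uses Python's sqlite3 module as a stand-in for the JDBC calls in J2EEStore: the quote-doubling rule CB's method implements (written as a plain replace), the raw java.sql.Statement concatenation Jean-Philippe describes breaking on a URI containing ', and the bound-parameter form that corresponds to java.sql.PreparedStatement. The table name, column names, sample URIs and the hostile input are constructed for the example; it does not measure the statement-preparation cost CB asks about.

```python
import sqlite3


def escape_sql_literal(value):
    """Render a Python string as a single-quoted SQL literal.

    Standard SQL escapes an embedded ' by doubling it, which is the rule the
    escaping approach in this thread relies on.  It is correct for SQLite,
    PostgreSQL, Oracle and other standard-following servers; it is NOT
    sufficient for dialects that also treat backslash as an escape character
    inside literals (MySQL unless NO_BACKSLASH_ESCAPES is set).
    """
    if value is None:
        return "NULL"
    return "'" + value.replace("'", "''") + "'"


# Constructed sample rows standing in for the URIs a WebDAV store holds.
SAMPLE_URIS = [
    "/files/report.txt",
    "/files/O'Brien's notes.txt",   # the case Jean-Philippe describes
    "/files/plain.txt",
]


def make_db():
    """In-memory database with a constructed 'objects' table (assumed name)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE objects (uri TEXT PRIMARY KEY, owner TEXT)")
    conn.executemany("INSERT INTO objects VALUES (?, ?)",
                     [(u, "alice") for u in SAMPLE_URIS])
    return conn


def lookup_raw(conn, uri):
    """java.sql.Statement style with no escaping: the value is spliced into
    the query text.  Returns the matching URIs, or an 'error: ...' string
    when the server rejects the query."""
    sql = "SELECT uri FROM objects WHERE uri = '" + uri + "'"
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.Error as exc:
        return "error: " + str(exc)


def lookup_escaped(conn, uri):
    """Statement style with every literal run through escape_sql_literal."""
    sql = "SELECT uri FROM objects WHERE uri = " + escape_sql_literal(uri)
    return [row[0] for row in conn.execute(sql)]


def lookup_bound(conn, uri):
    """PreparedStatement style: the value is bound, never parsed as SQL."""
    sql = "SELECT uri FROM objects WHERE uri = ?"
    return [row[0] for row in conn.execute(sql, (uri,))]


if __name__ == "__main__":
    db = make_db()
    quoted = "/files/O'Brien's notes.txt"
    hostile = "x' OR '1'='1"          # constructed injection payload
    for name, fn in (("raw", lookup_raw), ("escaped", lookup_escaped),
                     ("bound", lookup_bound)):
        print(name, "quoted URI ->", fn(db, quoted))
        print(name, "hostile URI ->", fn(db, hostile))
```

Run stand-alone, the raw lookup fails with a syntax error on the quoted URI and returns every row for the hostile one; the escaped and bound lookups both return exactly the matching row and nothing for the hostile input. The escaped form is only as safe as the discipline of routing every literal through the escaper, and only where the server's quoting rules match the escaper; binding is correct regardless of the value.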


----- Original Message -----
From: "Christopher Lenz" <[EMAIL PROTECTED]>
To: "Slide Developers Mailing List" <[EMAIL PROTECTED]>
Sent: Monday, August 19, 2002 11:50 AM
Subject: Re: J2EEStore and specials characters


> Hi Jean-Philippe,
>
> as some have reported, using PreparedStatements in the way we were doing
> before - i.e. creating them for each execution - has serious performance
> drawbacks. I haven't verified that, but it does make a lot of sense.
>
> For the problem you're describing, wouldn't it be enough to escape the '
> characters inside Strings ?
>
> On 19.08.2002 17:09:22, Jean-Philippe Courson <[EMAIL PROTECTED]> wrote:
> >Hi,
> >
> >A lot of SQL requests in J2EEStore are made using java.sql.Statement,
> >with ' as the string delimiter.
> >
> >Using URIs with special characters can easily lead to SQL errors if they
> >contain, for example, the ' character.
> >
> >Wouldn't it be a better idea to use java.sql.PreparedStatement instead
> >to avoid all these problems?
> >
> >Any opinion on this ?
>
> --
> Christopher Lenz
> _______________________________________________
>  /=/ cmlenz at gmx.de
> --
> To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
