Or to directly use the DataSource, Connection, PreparedStatement, and ResultSet in a <xsp:logic> block.
I strongly recommend against manually escaping the parameters because
different databases may need to escape other sequences and employ other
syntax. The JDBC driver should know best ;-)
Additionally some databases (not postgresql) support prepared statements
that are much faster because the SQL is parsed and optimized only once
and uses dynamic parameters thereafter.
Tom
--
T h o m a s Z e h e t b a u e r ( TZ251 )
PGP encrypted mail preferred - KeyID 96FFCB89
finger [EMAIL PROTECTED] for key
-----BEGIN GEEK CODE BLOCK-----
GS/IT d-- s: a-- C++++ UL++++ P+>$ L++>$ E--- W+ N+ o? !K w++$ O M-
V? PS+++ PE++ Y+ PGP+++ t+ 5 X R- tv b- DI(+) D+ G>++ e h! !r y+
------END GEEK CODE BLOCK------
signature.asc
Description: This is a digitally signed message part
