Re: String escaping?

From Markus Schaber
Subject Re: String escaping?
Date
Msg-id 20061214132733.709740ba@kingfisher.sec.intern.logix-tt.com
In response to Re: String escaping?  (Vit Timchishin <tivvpgsqljdbc@gtech-ua.com>)
List pgsql-jdbc
Hi, Vit,

Vit Timchishin <tivvpgsqljdbc@gtech-ua.com> wrote:

> > I always thought that the Strings that I set with setString() don't
> > have to be escaped at all, the Driver will handle it transparently (by
> > either escaping for V2 protocol, or using BIND with the appropriate
> > encoding).
> >
> > But, of course, when I have a String Literal in the source, I need to
> > add a layer of Java escaping for ", \, and some others.
> >
> >
> I suppose you've missed the main: "you need to escape only when you are
> using LIKE".

Yes, the LIKE specific escaping will stay there, but that layer is
independent of statement-level escaping.

What I wanted to show was: When you create your queries via String
concatenation, you have to implement the statement-level escaping
yourself; with prepared statements, the driver should completely handle
it.

That's independent of source-level escaping for String literals in
Java, and function-specific escaping inside the text for LIKE or
strings in function definitions.



Regards,
Markus

--
Markus Schaber | Logical Tracking&Tracing International AG
Dipl. Inf.     | Software Development GIS

Fight against software patents in Europe! www.ffii.org
www.nosoftwarepatents.org
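
The two independent layers described in the message above, shown as an added example that is not part of the original post: the LIKE-specific escaping is done by hand, while the statement-level escaping is left to the driver through `setString()`. The class and method names, the table `items`, the column `name`, and the choice of `!` as the LIKE escape character are assumptions made for this illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class LikeEscapeExample {

    // Function-level layer: neutralise the LIKE metacharacters in user text.
    // '!' is the escape character chosen for this example (an assumption);
    // it is declared to the server with the ESCAPE clause below, and it must
    // itself be escaped when it occurs in the input.
    static String escapeLike(String text) {
        StringBuilder sb = new StringBuilder(text.length() + 8);
        for (char c : text.toCharArray()) {
            if (c == '!' || c == '%' || c == '_') {
                sb.append('!');
            }
            sb.append(c);
        }
        return sb.toString();
    }

    // Statement-level layer: the value is bound with setString(), so the
    // driver takes care of quoting; no manual quote escaping is done here.
    // Table "items" and column "name" are hypothetical.
    static List<String> findByPrefix(Connection conn, String prefix) throws SQLException {
        String sql = "SELECT name FROM items WHERE name LIKE ? ESCAPE '!'";
        List<String> names = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            // The trailing '%' is the only wildcard the query author intends.
            ps.setString(1, escapeLike(prefix) + "%");
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    names.add(rs.getString(1));
                }
            }
        }
        return names;
    }

    public static void main(String[] args) {
        // Constructed sample input: it contains a single quote (a
        // statement-level concern) and LIKE wildcards (a function-level one).
        String input = "50%_off o'clock!";
        System.out.println(escapeLike(input) + "%");
    }
}
```

Only the LIKE metacharacters are touched by `escapeLike()`; the single quote in the sample input passes through unchanged because quoting belongs to the statement-level layer that the bound parameter covers.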
