Re: How does postgres handle non literal string values

Поиск
Список
Период
Сортировка
От Charles H. Woloszynski
Тема Re: How does postgres handle non literal string values
Дата
Msg-id 3DEDFC62.6060703@clearmetrix.com
обсуждение исходный текст
Ответ на Re: How does postgres handle non literal string values  (Vernon Wu <vernonw@gatewaytech.com>)
Ответы Re: How does postgres handle non literal string values  (Vernon Wu <vernonw@gatewaytech.com>)
Список pgsql-sql
Vernon:

Agreed.  We use Struts (as our MVC framework), and then a data access 
layer (we call persistables) that uses the PreparedStatements. Our JSPs 
only get data to render *after* the business logic has decided that all 
logic has been performed successfully.

The end-result is easily compartmentalized code (lots of code factoring) 
that makes for very robust applications.  We are working on moving this 
framework to PostgreSQL (from Oracle) and we expect to have to touch the 
SQL statements (which are each in their own class, again for re-use) and 
perhaps two or three other classes to deal with any JDBC driver issues.  When we make the transition successfully, I
hopeto be able to 
 
publicize the work and the value of PostgreSQL.

Charlie

Vernon Wu wrote:

>In general, it isn't a good idea to have SQL statements in JSP files. A good practise is using Mode 2. The Struts is a

>popular Mode 2 framework. If your application is very small and it won't grow into a big one, you can get around using

>Mode 1. In the situation, the SQL tags of JSTL will be a recommeded mechanism.
>
>11/26/2002 8:05:27 AM, "Charles H. Woloszynski" <chw@clearmetrix.com> wrote:
>
>  
>
>>Actually, we use JDBC Prepared Statements for this type of work.  You 
>>put a query with '?' in as placeholders and then add in the values and 
>>the library takes care of the encoding issues.  This avoids the double 
>>encoding of (encode X as String, decode string and encode as SQL X on 
>>the line).  There was a good article about a framework that did this in  
>>JavaReport about a 18 months ago.  
>>
>>We have gleaned some ideas from that article to create a framework 
>>around using PreparedStatements as the primary interface to the 
>>database.  I'd suggest looking at them.  They really make your code much 
>>more robust.
>>
>>Charlie
>>
>>
>>    
>>
>>>"')..."
>>>
>>>You *will* want to escape the username and password otherwise I'll be able to 
>>>come along and insert any values I like into your database. I can't believe 
>>>the JDBC classes don't provide 
>>>
>>>1. Some way to escape value strings
>>>2. Some form of placeholders to deal with this
>>>
>>> 
>>>
>>>      
>>>
>>-- 
>>
>>
>>Charles H. Woloszynski
>>
>>ClearMetrix, Inc.
>>115 Research Drive
>>Bethlehem, PA 18015
>>
>>tel: 610-419-2210 x400
>>fax: 240-371-3256
>>web: www.clearmetrix.com
>>
>>
>>
>>
>>
>>---------------------------(end of broadcast)---------------------------
>>TIP 5: Have you checked our extensive FAQ?
>>
>>http://www.postgresql.org/users-lounge/docs/faq.html
>>
>>    
>>
>
>
>
>
>---------------------------(end of broadcast)---------------------------
>TIP 6: Have you searched our list archives?
>
>http://archives.postgresql.org
>  
>

-- 


Charles H. Woloszynski

ClearMetrix, Inc.
115 Research Drive
Bethlehem, PA 18015

tel: 610-419-2210 x400
fax: 240-371-3256
web: www.clearmetrix.com






В списке pgsql-sql по дате отправления:

Предыдущее
От: Dennis Björklund
Дата:
Сообщение: Re: loop query results
Следующее
От: "Alphasoft"
Дата:
Сообщение: Problem with view in PostgreSQl 7.3