Escaping String Method
Date: October 01, 2012 10:37AM
Is there a (static) method somewhere in Connector/J that you can pass a string value to so that it is safely escaped (as in safe from SQL-injection concerns), e.g. for purposes of inclusion in an INSERT or UPDATE statement or as part of a WHERE clause?
public static String safeEscape(String value) { .... }
It would be very useful if there was; I'm guessing it might need to consider encoding issues, so it might need to take an encoding argument?
And yes, I know all about PreparedStatements of course, so please don't respond with "use PreparedStatements" :)
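An added example, not part of the original post and not a Connector/J API: one way a helper with the requested shape could quote a value as a MySQL string literal, including the encoding argument the post guesses at. The class name `MySqlLiteral`, the extra parameters and the UTF-8-only restriction are assumptions of this sketch; the escaping is only correct if `noBackslashEscapes` matches the session's actual `sql_mode` and the connection really uses the stated character set.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;

/** Added illustration; hypothetical class, not shipped with Connector/J. */
public final class MySqlLiteral {
    private MySqlLiteral() {}

    /** Returns value as a complete single-quoted MySQL string literal (quotes included). */
    public static String safeEscape(String value, Charset connectionCharset,
                                    boolean noBackslashEscapes) {
        if (value == null) return "NULL";
        // Character sets such as GBK, SJIS or Big5 can carry byte 0x5C (backslash) as the
        // second byte of a multi-byte character, so character-level escaping is not
        // trustworthy there. This sketch refuses anything except UTF-8.
        if (!StandardCharsets.UTF_8.equals(connectionCharset)) {
            throw new IllegalArgumentException("unsupported connection charset: " + connectionCharset);
        }
        StringBuilder out = new StringBuilder(value.length() + 2).append('\'');
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (noBackslashEscapes) {
                // With sql_mode NO_BACKSLASH_ESCAPES a backslash is an ordinary character;
                // the only safe escape is doubling the enclosing quote.
                out.append(c == '\'' ? "''" : String.valueOf(c));
                continue;
            }
            switch (c) {
                case 0:    out.append("\\0");  break;  // NUL
                case '\n': out.append("\\n");  break;
                case '\r': out.append("\\r");  break;
                case 0x1A: out.append("\\Z");  break;  // Ctrl-Z
                case '\\': out.append("\\\\"); break;
                case '\'': out.append("\\'");  break;
                case '"':  out.append("\\\""); break;
                default:   out.append(c);
            }
        }
        return out.append('\'').toString();
    }

    public static void main(String[] args) {
        String sample = "O'Brien\\";  // constructed input: one quote, one trailing backslash
        System.out.println(safeEscape(sample, StandardCharsets.UTF_8, false));
        System.out.println(safeEscape(sample, StandardCharsets.UTF_8, true));
    }
}
```

The result is valid only as a quoted string value; it does not make a string safe to use as an identifier, a numeric literal or a `LIKE` pattern.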