Escaping String Method
Posted by: th nb
Date: October 01, 2012 10:37AM

Is there a (static) method somewhere in connector-j that you can pass a string value to so that it is safely escaped (as in safe from SQL-injection concerns), e.g. for purposes of inclusion in an INSERT or UPDATE statement or as part of a WHERE clause?

public static String safeEscape(String value) { .... }

It would be very useful if there was; I'm guessing it might need to consider encoding issues, so it might need to take an encoding argument?


And yes I know all about PreparedStatements of course, so please don't respond with use PreparedStatements :)
