
How to escape this JDBC string when right side is a little complicated?

 
Dave Alvarado
Ranch Hand
Hi,

I'm using Java 1.6 with Oracle 10.2. Right now, I build my SQL statement like this ...



Obviously, this is less than optimal because it allows for SQL injection. Is there a way I can rewrite the above to take advantage of PreparedStatements? Thanks, - Dave
 
Mykhailo Kozik
Greenhorn
Use PreparedStatement.
It automatically prevents injections and also has higher performance.
 
Rob Spoor
Sheriff
Moving to JDBC.
 
Dave Alvarado
Ranch Hand
Mykhailo,

PreparedStatement is not going to work ...



The expression after the "=" is more complicated. That's why I'm asking. - Dave
 
Paul Sturrock
Bartender
Not sure I follow. Why is a PreparedStatement not going to work in this case? (Sorry if I'm just missing something obvious)
 
Rui Silva
Greenhorn
Try


or I'm not understanding the problem too...

regards
 
Mykhailo Kozik
Greenhorn
Dave Alvarado wrote: Mykhailo,
PreparedStatement is not going to work ...


Really, I don't see the problem.
Use the complicated part as part of the PreparedStatement.
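
The approach the replies describe, as an added example (not code from any poster in this thread): `?` placeholders can sit inside the expression on the right of the `=`. The table, columns and the expression itself are hypothetical, since the thread's original SQL is not shown; the code sticks to Java 1.6 syntax and takes the JDBC URL, user and password as optional arguments.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class BindInsideExpression {

    // Hypothetical table and columns (orders, customer_key, created); not from the thread.
    // Each ? is a bind variable and may appear inside function calls and concatenations.
    static final String SQL =
        "SELECT id FROM orders "
      + "WHERE customer_key = UPPER(TRIM(?)) || '-' || LPAD(?, 6, '0') "
      + "AND created >= SYSDATE - ?";

    // Concatenated form, for comparison only: user text becomes part of the SQL itself.
    static String concatenated(String name, String number, int days) {
        return "SELECT id FROM orders "
             + "WHERE customer_key = UPPER(TRIM('" + name + "')) || '-' || LPAD('" + number + "', 6, '0') "
             + "AND created >= SYSDATE - " + days;
    }

    // Prepared form: the statement text is fixed, values travel separately from it.
    static void printMatches(Connection conn, String name, String number, int days) throws SQLException {
        PreparedStatement ps = conn.prepareStatement(SQL);
        try {
            ps.setString(1, name);
            ps.setString(2, number);
            ps.setInt(3, days);
            ResultSet rs = ps.executeQuery();
            while (rs.next()) System.out.println(rs.getLong("id"));
        } finally {
            ps.close(); // also closes the ResultSet
        }
    }

    public static void main(String[] args) throws SQLException {
        String name = "O'Brien"; // constructed sample input containing a quote
        System.out.println(concatenated(name, "42", 30)); // the quote ends the literal early
        System.out.println(SQL); // same text whatever the input is
        if (args.length == 3) { // JDBC URL, user, password
            Connection conn = DriverManager.getConnection(args[0], args[1], args[2]);
            try { printMatches(conn, name, "42", 30); } finally { conn.close(); }
        }
    }
}
```

Bind variables stand in for values only; a table or column name cannot be supplied through `?`.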
 