Would it not be useful to have a generic string escaper, that says for character x in a string, escape it with y?
Scott Sanders

> -----Original Message-----
> From: Jason van Zyl [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, December 09, 2001 7:09 PM
> To: Jakarta Commons Developers List
> Subject: Re: Possible addition to StringUtils
>
> On 12/9/01 9:14 PM, "Chad Johnson" <[EMAIL PROTECTED]> wrote:
>
> > Hey,
> > Just wondering if a method that escapes single and double quotes, and
> > other potential SQL query breaking characters has been considered for
> > addition to the StringUtils class?
>
> Probably not. I'd say that's a little specific and the quoting schemes
> are sometimes different for different databases. This type of string
> manipulation that's database specific should probably be handled in
> your persistence mechanism. In Torque
> (http://jakarta.apache.org/turbine/torque) the behaviour of a
> particular database is modeled in an individual class, quoting is
> handled here.
>
> > I'd imagine this would be useful when using a prepared statement for
> > query construction with insecure data isn't an option.
>
> You would probably get into the case of looking at the database type
> and having a bunch of variants of the method to deal with the
> database. This is handled in Torque but in general I say it should be
> handled in your persistence mechanism.
>
> > -Chad Johnson
> >
> > --
> > To unsubscribe, e-mail: <mailto:commons-dev-[EMAIL PROTECTED]>
> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
>
> --
> jvz.
>
> Jason van Zyl
> http://tambora.zenplex.org
> http://jakarta.apache.org/turbine
> http://jakarta.apache.org/velocity
> http://jakarta.apache.org/alexandria
> http://jakarta.apache.org/commons
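
The generic "for character x, escape it with y" escaper proposed above, run with two different rule sets to show the objection that quoting differs between databases. This is an added example, not code from the thread, Commons StringUtils or Torque; the class name, method names, rule sets and sample value are hypothetical and constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical demo class; not part of Commons StringUtils or Torque.
public class GenericEscaperDemo {

    // Generic escaper: every character that has a rule is replaced by its mapped string.
    static String escape(String input, Map<Character, String> rules) {
        StringBuilder out = new StringBuilder(input.length() + 8);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            String replacement = rules.get(c);
            out.append(replacement != null ? replacement : String.valueOf(c));
        }
        return out.toString();
    }

    // Illustrative rule set for standard SQL string literals:
    // the single quote is doubled, backslash is an ordinary character.
    static Map<Character, String> standardSqlRules() {
        Map<Character, String> rules = new LinkedHashMap<>();
        rules.put('\'', "''");
        return rules;
    }

    // Illustrative rule set for a dialect that also treats backslash as an
    // escape character inside literals (e.g. MySQL in its default SQL mode).
    static Map<Character, String> backslashDialectRules() {
        Map<Character, String> rules = standardSqlRules();
        rules.put('\\', "\\\\");
        return rules;
    }

    public static void main(String[] args) {
        // Constructed sample value containing both a quote and backslashes.
        String value = "C:\\temp\\o'brien.txt";

        // Same value, same escaper, two different literals: the rule set
        // must match the database the literal is sent to.
        System.out.println("standard SQL : '" + escape(value, standardSqlRules()) + "'");
        System.out.println("backslash DB : '" + escape(value, backslashDialectRules()) + "'");
    }
}
```

The escaper itself is database-neutral, but the rule set passed to it is not, so the choice of rules still has to live wherever the database type is known.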