On 12/21/05, Hassan Schroeder <[EMAIL PROTECTED]> wrote:
> Nathan Gross wrote:
>
> > Woa! Let me verify. If I pass a qry string:
> >  "SELECT Anyfield from Anytable where Anyfield = 'The man was 100% correct' 
> > "
> > to a Connector/J Statement (or PreparedStatement via parameters), the
> > driver will automatically [behind the scenes] escape the percent sign?
>
> Again, this is a function of *PreparedStatement*s. You'll also find
> references to them as you research "SQL injection attack" :-)
>
Will do.
Thanks;
-nat

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:    http://lists.mysql.com/[EMAIL PROTECTED]

Reply via email to