On 12/21/05, Mark Matthews <[EMAIL PROTECTED]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Nathan Gross wrote: > > On 12/21/05, Hassan Schroeder <[EMAIL PROTECTED]> wrote: > >> Nathan Gross wrote: > >> > >>>> /* hint: java.sql.PreparedStatement */ > >>> I thought we are talking about a mysql specific function, which would > >>> not be in the vanilla j2se/j2ee pkg's. Actually, you know, I don't > >>> even know exactly what function I need to be looking for! > >> We're talking about escaping certain characters automatically, the > >> capability provided by PreparedStatements, implemented in this case > >> by Connector/J, which *is* MySQL-specific :-) > > Woa! Let me verify. If I pass a qry string: > > "SELECT Anyfield from Anytable where Anyfield = 'The man was 100% correct' > > " > > to a Connector/J Statement (or PreparedStatement via parameters), the > > driver will automatically [behind the scenes] escape the percent sign? > > If so, wow! > > Thanks; > > -nat > > > > Nat, > > No, it does not escape "%", it only escapes quotes and binary data, just > as any other prepared statement implementation from any vendor does. > > The '%' sign only has significance for the LIKE operator, so it doesn't > come into play in your above SELECT statement. True. However, after reviewing everything I learned via this thread, I still do not know if I have to clean my data, or regardless of any char within the varchar field, mysql's finding mechanism will not break, as long as I properly escape various characters in my SELECTs. It seems like the latter is true, which is welcome news. Thanks; -nat
-- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]