Re: escaping of SQL strings
Thank you, Serge. PreparedStatement.setString() does the escaping trick, all right. I've confirmed this with testing. The API documentation didn't give me a clue.

Rich

Serge Knystautas wrote:
> Richard O. Hammer wrote:
>> I stumbled into this question when, using my James-offshoot server, I sent a test message with a possessive (single quote) in the subject:
>>
>> Subject: Friday's test
>>
>> and it failed with
>>
>> java.sql.SQLException: ERROR: parser: parse error at or near s
>
> You shouldn't do escaping yourself in Java. Do PreparedStatement.setString(paramNum, stringValue)

- To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
escaping of SQL strings
When James stores message headers or other text in a database, I assume that it escapes the single-quote characters in those strings (and perhaps a few more characters as needed). But my look at the code this morning does not find that functionality, so I wonder if it is happening somewhere I am not looking.

I am looking at these calls: mailrepository.JDBCMailRepository.store(Mail), which calls MimeMessageWrapper.writeTo(various), and I don't see any escaping going on there. Unfortunately I do not have a running copy of James with which to test this myself.

I stumbled into this question when, using my James-offshoot server, I sent a test message with a possessive (single quote) in the subject:

Subject: Friday's test

and it failed with

java.sql.SQLException: ERROR: parser: parse error at or near s

So I have to be escaping my headers before I feed them into SQL, and I went looking in James for a good idea of a way to do it. But I have not found it yet. Assuming that James does this escaping, what method does it use?

Thank you,
Rich
Re: escaping of SQL strings
Richard O. Hammer wrote:
> I stumbled into this question when, using my James-offshoot server, I sent a test message with a possessive (single quote) in the subject:
>
> Subject: Friday's test
>
> and it failed with
>
> java.sql.SQLException: ERROR: parser: parse error at or near s

You shouldn't do escaping yourself in Java. Do PreparedStatement.setString(paramNum, stringValue)

--
Serge Knystautas
President
Lokitech software . strategy . design
http://www.lokitech.com
p. 301.656.5501 e. [EMAIL PROTECTED]
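The failure and the fix discussed in this thread, side by side, as an added example that is not code from the thread or from James. The class name HeaderStoreDemo, the table demo_message and the default in-memory H2 URL are assumptions made for illustration; any JDBC driver on the classpath can be used by passing its URL as the first argument.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class HeaderStoreDemo {
    public static void main(String[] args) throws SQLException {
        // Assumption: an H2 driver is on the classpath; pass another JDBC URL to override.
        String url = args.length > 0 ? args[0] : "jdbc:h2:mem:demo";
        String subject = "Friday's test"; // the subject line from the thread

        try (Connection conn = DriverManager.getConnection(url)) {
            try (Statement ddl = conn.createStatement()) {
                ddl.executeUpdate("CREATE TABLE demo_message (id INT PRIMARY KEY, subject VARCHAR(255))");
            }

            // Before: the header text is spliced into the SQL string. The apostrophe
            // closes the literal early, so the database rejects the statement.
            String spliced = "INSERT INTO demo_message (id, subject) VALUES (1, '" + subject + "')";
            try (Statement st = conn.createStatement()) {
                st.executeUpdate(spliced);
                System.out.println("concatenated insert was accepted by this database");
            } catch (SQLException e) {
                System.out.println("concatenated insert failed: " + e.getMessage());
            }

            // After: the SQL text is constant and the header is bound as a parameter,
            // so the driver always treats it as data, whatever characters it contains.
            try (PreparedStatement ps = conn.prepareStatement(
                    "INSERT INTO demo_message (id, subject) VALUES (?, ?)")) {
                ps.setInt(1, 1);
                ps.setString(2, subject);
                ps.executeUpdate();
            }

            // Read the row back to confirm the apostrophe was stored unchanged.
            try (PreparedStatement ps = conn.prepareStatement(
                    "SELECT subject FROM demo_message WHERE id = ?")) {
                ps.setInt(1, 1);
                try (ResultSet rs = ps.executeQuery()) {
                    while (rs.next()) System.out.println("stored subject: " + rs.getString(1));
                }
            }
        }
    }
}
```

Binding also covers every other character that would otherwise need escaping, which is why hand-written escaping of mail headers is unnecessary once all values go through setString().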