> I don't think any JDBC drivers actually escape characters when you are using
> a PreparedStatement. The parameters are actually placed using function calls
> to the DB instead of replacing the question marks in the SQL statement.
> PreparedStatements are much more flexible than normal Statements and I use
> them for all but the simplest queries.
Village uses prepared statements for everything under the covers so it makes
creating PreparedStatements trivial since you don't actually have to do it.
Here is some example Village code that translates what Craig wrote into just
a few simple lines of code:
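
    // conn is an already-open java.sql.Connection
    String name = "My name's got a single quote in it";
    double value = 3.14159;
    TableDataSet tds = new TableDataSet(conn, "my_table");
    Record rec = tds.addRecord();        // new row for my_table
    rec.setValue("my_name", name);       // value is passed as-is, quote included
    rec.setValue("my_value", value);
    tds.save();                          // writes the new record
    tds.close();
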
Seems much cleaner if you ask me. No worries about creating the
PreparedStatements and having to get all of the settings right...
Village is 100% Open Source under the LGPL license...
<http://www.working-dogs.com/village/>
-jon
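
For comparison with the Village snippet in the message above, here is the same insert in plain JDBC, with the string-concatenated form beside the parameterized one. This is an added example, not code from the original post or from Village; it assumes a table my_table with columns my_name and my_value already exists, and that a JDBC URL is passed as the first argument with its driver on the classpath.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;

public class QuoteSafeInsert {

    // Unsafe: the value is spliced into the SQL text, so the quote in
    // "name's" ends the string literal early and the rest is parsed as SQL.
    static String concatenatedSql(String name, double value) {
        return "INSERT INTO my_table (my_name, my_value) VALUES ('"
                + name + "', " + value + ")";
    }

    // Safe: the SQL text is fixed and the values are bound as typed
    // parameters, so a quote in the data never reaches the SQL parser.
    static int insertBound(Connection conn, String name, double value)
            throws SQLException {
        String sql = "INSERT INTO my_table (my_name, my_value) VALUES (?, ?)";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, name);
            ps.setDouble(2, value);
            return ps.executeUpdate();   // number of rows inserted
        }
    }

    public static void main(String[] args) throws SQLException {
        String name = "My name's got a single quote in it";
        double value = 3.14159;

        // Show the statement text the concatenated form would send.
        System.out.println(concatenatedSql(name, value));

        if (args.length == 0) {
            return;                      // no JDBC URL given, skip the insert
        }
        try (Connection conn = DriverManager.getConnection(args[0])) {
            System.out.println(insertBound(conn, name, value) + " row inserted");
        }
    }
}
```

Run without arguments, it only prints the concatenated statement, which shows the string literal closing after "My name".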