Or to directly use the DataSource, Connection, PreparedStatement, and ResultSet in a <xsp:logic> block.
So in this case, you would be better off doing it in flow with a DAO... :)
I strongly recommend against manually escaping the parameters because different databases may need to escape other sequences and employ other syntax. The JDBC driver should know best ;-)
Of course, this way is not the best, but for a given database, to make the code look better in XSP, that's what I did. You can also use a DAO in XSP, anyway. But I agree that esql:parameter should be used.
Additionally, some databases (not PostgreSQL) support prepared statements that are much faster because the SQL is parsed and optimized only once and uses dynamic parameters thereafter.
Isn't that true only if you're using your prepared statement many times in the code? If the statement is created each time you call your XSP, I'm not sure there is a gain. But I'm not a JDBC pro.
-- Olivier Billard
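
An added example, not part of the original message: it shows why a hand-written escaper tied to one database's syntax fails on another, while a bound parameter (the equivalent of `esql:parameter` or a JDBC `PreparedStatement`) stores the value unchanged. Python's built-in `sqlite3` stands in for the driver here; the table, helper names and sample values are constructed for illustration.

```python
import sqlite3

def backslash_escape(value: str) -> str:
    """Hypothetical hand-rolled escaper using backslash sequences,
    which is one database dialect's convention, not a universal one."""
    return value.replace("\\", "\\\\").replace("'", "\\'")

def setup() -> sqlite3.Connection:
    """Create an in-memory database with one constructed table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE author (id INTEGER PRIMARY KEY, name TEXT)")
    return conn

def insert_escaped(conn: sqlite3.Connection, name: str):
    """Concatenate the escaped value into the SQL text.
    Returns the driver's error message, or None if the statement ran."""
    sql = "INSERT INTO author (name) VALUES ('" + backslash_escape(name) + "')"
    try:
        conn.execute(sql)
        return None
    except sqlite3.Error as exc:
        return str(exc)

def insert_bound(conn: sqlite3.Connection, name: str) -> None:
    """Pass the value as a bound parameter; the driver handles quoting."""
    conn.execute("INSERT INTO author (name) VALUES (?)", (name,))

def stored_names(conn: sqlite3.Connection) -> list:
    """Return the stored names in insertion order."""
    return [row[0] for row in conn.execute("SELECT name FROM author ORDER BY id")]

if __name__ == "__main__":
    samples = ["O'Brien", "C:\\temp"]  # constructed sample values

    manual = setup()
    for s in samples:
        # SQLite does not treat backslash as an escape character, so the
        # quote case breaks the statement and the backslash case is stored
        # with the backslash doubled.
        print("escaped:", repr(s), "->", insert_escaped(manual, s))
    print("stored via escaping:", stored_names(manual))

    bound = setup()
    for s in samples:
        insert_bound(bound, s)
    print("stored via binding: ", stored_names(bound))
```
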
