commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Craig R. McClanahan" <>
Subject Re: Possible addition to StringUtils
Date Mon, 10 Dec 2001 04:19:33 GMT

On Sun, 9 Dec 2001, Jason van Zyl wrote:

> Date: Sun, 09 Dec 2001 22:09:05 -0500
> From: Jason van Zyl <>
> Reply-To: Jakarta Commons Developers List <>
> To: Jakarta Commons Developers List <>
> Subject: Re: Possible addition to StringUtils
> On 12/9/01 9:14 PM, "Chad Johnson" <> wrote:
> > Hey,
> > Just wondering if a method that escapes single and double quotes, and
> > other potential SQL query breaking characters has been considered for
> > addition to the StringUtils class?
> Probably not. I'd say that's a little specific and the quoting schemes are
> sometimes different for different databases. This type of string
> manipulation that's database specific should probably be handled in your
> persistence mechanism. In Torque (
> the behaviour of a particular database is modeled in an individual class,
> quoting is handled here.

I've never had a problem with quote escaping since I went to using
PreparedStatements for *all* database accesses (even if you're not going
to reuse the PreparedStatement more than once).  It's a much simpler
programming approach.

This also deals with all the wierdness of representing dates, times, and
so on in a database-independent manner.  Of course, no solution is perfect
-- you still have database-specific things for arcane join syntax and the
like, but prepared statements for all calls covers 90-95% of the issues.


To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message