commons-dev mailing list archives

From "Craig R. McClanahan" <craig...@apache.org>
Subject Re: Possible addition to StringUtils
Date Mon, 10 Dec 2001 04:19:33 GMT


On Sun, 9 Dec 2001, Jason van Zyl wrote:

> Date: Sun, 09 Dec 2001 22:09:05 -0500
> From: Jason van Zyl <jvanzyl@zenplex.com>
> Reply-To: Jakarta Commons Developers List <commons-dev@jakarta.apache.org>
> To: Jakarta Commons Developers List <commons-dev@jakarta.apache.org>
> Subject: Re: Possible addition to StringUtils
>
> On 12/9/01 9:14 PM, "Chad Johnson" <chadj@csoft.net> wrote:
>
> > Hey,
> > Just wondering if a method that escapes single and double quotes, and
> > other potential SQL query breaking characters has been considered for
> > addition to the StringUtils class?
>
> Probably not. I'd say that's a little specific and the quoting schemes are
> sometimes different for different databases. This type of string
> manipulation that's database specific should probably be handled in your
> persistence mechanism. In Torque (http://jakarta.apache.org/turbine/torque)
> the behaviour of a particular database is modeled in an individual class,
> quoting is handled here.
>

I've never had a problem with quote escaping since I went to using
PreparedStatements for *all* database accesses (even if you're not going
to reuse the PreparedStatement more than once).  It's a much simpler
programming approach.

This also deals with all the weirdness of representing dates, times, and
so on in a database-independent manner.  Of course, no solution is perfect
-- you still have database-specific things for arcane join syntax and the
like, but prepared statements for all calls covers 90-95% of the issues.

Craig



--
To unsubscribe, e-mail:   <mailto:commons-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:commons-dev-help@jakarta.apache.org>
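
The approach described in the reply above, sketched as an added example (not part of the original message and not Commons or Torque code): every value, including ones containing quotes and a date, is bound through a PreparedStatement instead of being escaped by hand. The class name, the `staff` table, the sample values, and the JDBC URL passed as the first argument are assumptions; any JDBC driver on the classpath will do.

```java
import java.sql.Connection;
import java.sql.Date;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class PreparedStatementDemo {
    // Hypothetical table and column names, used only for this example.
    static void insert(Connection c, String name, Date hired) throws SQLException {
        try (PreparedStatement ps = c.prepareStatement(
                "INSERT INTO staff (name, hired) VALUES (?, ?)")) {
            ps.setString(1, name);  // the driver handles quoting for its database
            ps.setDate(2, hired);   // no database-specific date literal needed
            ps.executeUpdate();
        }
    }

    static int countByName(Connection c, String name) throws SQLException {
        try (PreparedStatement ps = c.prepareStatement(
                "SELECT COUNT(*) FROM staff WHERE name = ?")) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1);
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: args[0] is a JDBC URL for a scratch database.
        try (Connection c = DriverManager.getConnection(args[0])) {
            try (Statement ddl = c.createStatement()) {
                ddl.executeUpdate("CREATE TABLE staff (name VARCHAR(64), hired DATE)");
            }
            // Constructed sample values containing quote characters.
            String[] names = { "O'Brien", "Dwayne \"The Rock\" Johnson", "x' OR '1'='1" };
            for (String n : names) {
                insert(c, n, Date.valueOf("2001-12-10"));
            }
            for (String n : names) {
                // Each value matches only its own row: the quotes are data, not SQL.
                System.out.println(n + " -> " + countByName(c, n) + " row(s)");
            }
        }
    }
}
```

Each of the three names should report exactly one row, because bound parameters never pass through the SQL parser as query text.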