commons-dev mailing list archives

From Chad Johnson <>
Subject Re: Possible addition to StringUtils
Date Mon, 10 Dec 2001 06:29:40 GMT
I must admit, it's not that I've run across a need for Statements, it's
just that they're more convenient (coming from a PHP background that's
something I need to let go of :).

I did a little research on Google Groups.  The problem itself seems
quite vast.  The number of characters that need quoting varies from DB to
DB, and how you do the quoting varies from DB to DB (i.e. '' or \').  So
the escaping this method needs to do would have to be DB specific.

Ultimately this 'method' seems out of the scope of StringUtil,
and in the end duplicates the functionality of PreparedStatements.

-Chad Johnson

----- Original Message -----
From: <>
To: "Jakarta Commons Developers List" <>
Sent: Sunday, December 09, 2001 11:02 PM
Subject: Re: Possible addition to StringUtils

> Reasons why not:
> 1) Craig pointed out that using PreparedStatements all the time is a
> better programming style and will avoid lots of nasty problems. Equally
> though, what cases have you come across when PrepStats aren't really
> viable?? When creating dynamic SQL I have found them to be a little bit
> of a pain, but they end up being worth it in the long term (as soon as
> you have a date column).
> 2) Which escaping choice do we make? Some databases escape with '' and
> others with \'. Too hard to know. Do all databases escape % and _ the
> way?
> Still, not a bad idea :)
> Bay
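
The point both messages make, as an added example that is not part of the original thread: Python's `sqlite3` bound parameters stand in here for JDBC PreparedStatements, and SQLite serves as a database of the `''` kind. The table, sample rows and function names are constructed for illustration.

```python
import sqlite3

def escape_doubling(value):
    """Hand-rolled escaping for databases that double the quote ('')."""
    return value.replace("'", "''")

def escape_backslash(value):
    """Hand-rolled escaping for databases that use a backslash (\\')."""
    return value.replace("\\", "\\\\").replace("'", "\\'")

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    # Constructed sample rows.
    conn.executemany("INSERT INTO users VALUES (?)",
                     [("O'Brien",), ("100%_sure",), ("100 percent sure",)])
    return conn

def find_concat(conn, name, escaper):
    """Build the literal by hand; return the rows, or the error text."""
    sql = "SELECT name FROM users WHERE name = '" + escaper(name) + "'"
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.Error as exc:
        return "error: " + str(exc)

def find_bound(conn, name):
    """Let the driver carry the value; no quoting choice is made here."""
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]

def like_bound(conn, fragment, escape_wildcards):
    """Binding does not neutralise % and _ inside a LIKE pattern."""
    if escape_wildcards:
        fragment = (fragment.replace("\\", "\\\\")
                            .replace("%", "\\%").replace("_", "\\_"))
    sql = "SELECT name FROM users WHERE name LIKE ? ESCAPE '\\' ORDER BY name"
    return [row[0] for row in conn.execute(sql, ("%" + fragment + "%",))]

if __name__ == "__main__":
    db = make_db()
    print(find_concat(db, "O'Brien", escape_doubling))   # right style for SQLite
    print(find_concat(db, "O'Brien", escape_backslash))  # wrong style: breaks
    print(find_bound(db, "O'Brien"))
    print(like_bound(db, "%_", False), like_bound(db, "%_", True))
```

The backslash variant is the correct choice on some other databases and the wrong one here, which is the portability problem raised in the thread; the bound query is the same on both kinds.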
