Return-Path: Delivered-To: apmail-db-derby-user-archive@www.apache.org Received: (qmail 14613 invoked from network); 20 Nov 2006 04:30:02 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 20 Nov 2006 04:30:02 -0000 Received: (qmail 33893 invoked by uid 500); 20 Nov 2006 04:30:10 -0000 Delivered-To: apmail-db-derby-user-archive@db.apache.org Received: (qmail 33862 invoked by uid 500); 20 Nov 2006 04:30:10 -0000 Mailing-List: contact derby-user-help@db.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: List-Id: Reply-To: "Derby Discussion" Delivered-To: mailing list derby-user@db.apache.org Received: (qmail 33851 invoked by uid 99); 20 Nov 2006 04:30:10 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 19 Nov 2006 20:30:10 -0800 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (herse.apache.org: domain of denials@gmail.com designates 64.233.182.184 as permitted sender) Received: from [64.233.182.184] (HELO nf-out-0910.google.com) (64.233.182.184) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 19 Nov 2006 20:29:57 -0800 Received: by nf-out-0910.google.com with SMTP id x37so1834761nfc for ; Sun, 19 Nov 2006 20:29:36 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=nuo0UWRbbZ47eZ0K7gUL0PvjY8FTZw3+wrqnVAlRlapSZQ5/oYFwVCPoODb8ElBZ/WtwyMpHfUBxJKdZyiF9VBn81cWYJwit++e2MCe0MhR40BhmTNVB1NzkmfPHY4Yxl+a76KO2IxWJ6DKALNx3IHqZuDUYP19mY/krmzgAtpE= Received: by 10.82.129.5 with SMTP id b5mr510308bud.1163996975954; Sun, 19 Nov 2006 20:29:35 -0800 (PST) Received: by 10.82.171.13 with HTTP; Sun, 19 Nov 2006 20:29:35 -0800 (PST) Message-ID: Date: Sun, 19 Nov 2006 23:29:35 -0500 From: "Dan Scott" To: "Derby Discussion" Subject: Re: Date - Timestamp format for inserts? In-Reply-To: <4560D157.2050201@nuix.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <0b8001c70c10$878cf340$6401a8c0@matkins> <4560D157.2050201@nuix.com> X-Virus-Checked: Checked by ClamAV on apache.org On 19/11/06, Daniel Noll wrote: > Marl Atkins wrote: > > What's wrong with this statement? > > INSERT INTO users > > (RecordID,CTMCClientID,OrgName,Prefix,FName,MidInit,LName,Addr1,Addr2,City,S > > tate,Zip,Phone,CellPhone,AltPhone,Fax,Email,Login,Password,Status,AccessLeve > > lID,DateCreated,CreatedBy,DateExpired ) VALUES(1,NULL,'SoftLink Systems, > > Inc.',NULL,'Marl',NULL,'Atkins',NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL > > ,NULL,'marl','marl',0,1,'2006-09-10-00',1,'2050-01-01-00' ) > > Is there any particular reason you're not doing this the normal way? > > (i.e. using ? and then setTimestamp(int,Timestamp)) The original poster didn't mention which language was being used to access Derby. Yes, it's 99% likely that it was Java, but Derby does give people the ability to connect via OCBC, PHP, Perl, Python, etc... so a workaround in one specific language doesn't apply to all of those other languages. That being said, all of the official Derby docs speak JDBC only, so I should probably hold my tongue. But I do have to point out that saying "the normal way" isn't enough. You have to realize that people are coming to Derby from all kinds of different database backgrounds. For example, until recently it was common MySQL programming practice to simply interpolate language-level variables into SQL statements because MySQL lacked the ability to bind columns against parameter markers. In this case, you're really suggesting that the poster use a prepared SQL statement that contains one or more parameter markers (the ? symbol) that are bound against input variable(s). There's a general description of prepared statements at http://db.apache.org/derby/docs/dev/tuning/ctunperf18705.html, which doesn't mention one other major benefit of prepared statements -- they provide a fairly effective defence against SQL injection attacks. Dan