logging-log4j-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ceki Gülcü <c...@qos.ch>
Subject Re: Log4j JDBCAppender
Date Thu, 06 Jun 2002 21:07:21 GMT
At 16:01 06.06.2002 -0400, you wrote:
>Ceki Gülcü wrote:
>
>>>
>>>Nowhere in there was I forced to escape anything.  I agree with you that 
>>>if you aren't using preparedstatements, constructing an algorithm to 
>>>safely, generically escape arbitrary strings for inclusion directly into 
>>>a SQL is a non-trivial, possibly impossible task.  It's really something 
>>>that *should* be part of the JDBC API.
>>
>>
>>Hmm,
>>
>>Have you seen 
>>http://developer.java.sun.com/developer/onlineTraining/Programming/JDCBook/jdbc.html

>>?
>>
>>(more particularly the section entitled "Escaping Characters")
>Thanks for the heads-up Ceki -- I stand corrected!  So, can the original 
>problem be solved by creative use of this escape keyword/extension?  The 
>page also points out:  "However, if you use a |PreparedStatement| instead 
>of a simple |Statement|, most of these escape problems go away." So many 
>hammers, so few nails.  :-)

The escape problem is something we are frequently confronted with. See
for example org.apache.log4j.helpers.Transform which is used in
XMLLayout and also HTMLLayout. It's a common problem and once you
solve it once or twice its novelty goes away. I rather not worry about
escaping problems and delegate the work to PreparedStatements which
have several other advantages that have been discussed on log4j-dev@.


--
Ceki

SUICIDE BOMBING - A CRIME AGAINST HUMANITY
Sign the petition: http://www.petitiononline.com/1234567b
I am signatory number 22106. What is your number?


--
To unsubscribe, e-mail:   <mailto:log4j-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:log4j-user-help@jakarta.apache.org>


Mime
View raw message