Return-Path: Delivered-To: apmail-jakarta-log4j-user-archive@apache.org Received: (qmail 25658 invoked from network); 6 Jun 2002 21:07:26 -0000 Received: from unknown (HELO nagoya.betaversion.org) (192.18.49.131) by daedalus.apache.org with SMTP; 6 Jun 2002 21:07:26 -0000 Received: (qmail 20388 invoked by uid 97); 6 Jun 2002 21:07:29 -0000 Delivered-To: qmlist-jakarta-archive-log4j-user@jakarta.apache.org Received: (qmail 20372 invoked by uid 97); 6 Jun 2002 21:07:28 -0000 Mailing-List: contact log4j-user-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Log4J Users List" Reply-To: "Log4J Users List" Delivered-To: mailing list log4j-user@jakarta.apache.org Received: (qmail 20360 invoked by uid 98); 6 Jun 2002 21:07:28 -0000 X-Antivirus: nagoya (v4198 created Apr 24 2002) Message-Id: <5.1.0.14.0.20020606223755.02115d08@mail.qos.ch> X-Sender: ceki@mail.qos.ch X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Thu, 06 Jun 2002 23:07:21 +0200 To: "Log4J Users List" From: Ceki =?iso-8859-1?Q?G=FClc=FC?= Subject: Re: Log4j JDBCAppender In-Reply-To: <3CFFBFB4.9060003@pobox.com> References: <3CFF8D99.5030009@pacbell.net> <3CFFA4FD.4080808@pobox.com> <3CFFAABF.7000305@pacbell.net> <5.1.0.14.0.20020606214318.02125ec8@mail.qos.ch> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1"; format=flowed Content-Transfer-Encoding: quoted-printable X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N At 16:01 06.06.2002 -0400, you wrote: >Ceki G=FClc=FC wrote: > >>> >>>Nowhere in there was I forced to escape anything. I agree with you that= =20 >>>if you aren't using preparedstatements, constructing an algorithm to=20 >>>safely, generically escape arbitrary strings for inclusion directly into= =20 >>>a SQL is a non-trivial, possibly impossible task. It's really something= =20 >>>that *should* be part of the JDBC API. >> >> >>Hmm, >> >>Have you seen=20 >>http://developer.java.sun.com/developer/onlineTraining/Programming/JDCBook= /jdbc.html=20 >>? >> >>(more particularly the section entitled "Escaping Characters") >Thanks for the heads-up Ceki -- I stand corrected! So, can the original=20 >problem be solved by creative use of this escape keyword/extension? The=20 >page also points out: "However, if you use a |PreparedStatement| instead= =20 >of a simple |Statement|, most of these escape problems go away." So many=20 >hammers, so few nails. :-) The escape problem is something we are frequently confronted with. See for example org.apache.log4j.helpers.Transform which is used in XMLLayout and also HTMLLayout. It's a common problem and once you solve it once or twice its novelty goes away. I rather not worry about escaping problems and delegate the work to PreparedStatements which have several other advantages that have been discussed on log4j-dev@. -- Ceki SUICIDE BOMBING - A CRIME AGAINST HUMANITY Sign the petition: http://www.petitiononline.com/1234567b I am signatory number 22106. What is your number? -- To unsubscribe, e-mail: For additional commands, e-mail: