Re: Prepared Statements
From | Oliver Jowett |
---|---|
Subject | Re: Prepared Statements |
Date | |
Msg-id | 20030721151110.GL2506@opencloud.com |
In response to | Re: Prepared Statements (Dmitry Tkach <dmitry@openratings.com>) |
Responses | Re: Prepared Statements |
List | pgsql-jdbc |
On Mon, Jul 21, 2003 at 10:39:11AM -0400, Dmitry Tkach wrote:
> Oliver Jowett wrote:
>
> >Even if it was true, it's still better to have one piece of code that does
> >the escaping, rather than N different ones. With escaping in the JDBC
> >driver, you've reduced the scope of the code you need to audit for syntax
> >from "all query strings and all parameters" to "the JDBC driver's
> >parameter-escaping code and all query strings".
> >
>
> Sure. And that's good.
> That's precisely the point - if you guys start taking functionality
> away, so that I am no longer able to do things with it that I used to
> be able to do, then I will not be able to benefit from it as much as I
> used to - I'll have to switch from PreparedStatements to Statements and
> do all that escaping/parsing on my own.
> That's exactly what I am trying to avoid

The functionality we are "taking away" allows you to bypass the JDBC
driver's parameter escaping. You can't have it both ways.

-O
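
Added example, not part of the original message and not the PostgreSQL JDBC driver's code: a simplified model of the audit-scope argument above, with one escaping routine used by a client-side binder, next to a hand-concatenated query. The class `EscapeScopeDemo`, the helpers `quoteLiteral` and `bind`, the `users` table and the sample value are all hypothetical, and the escaping assumes a server that treats backslash as an escape inside string literals.

```java
import java.util.List;

// Added illustration; a simplified model, not the PostgreSQL JDBC driver's code.
public class EscapeScopeDemo {

    // The single routine to audit: render a Java String as a SQL string literal.
    // Assumption: the server treats backslash as an escape inside '...' literals.
    static String quoteLiteral(String value) {
        StringBuilder sb = new StringBuilder("'");
        for (char c : value.toCharArray()) {
            if (c == '\0') throw new IllegalArgumentException("NUL not allowed in a string parameter");
            if (c == '\'' || c == '\\') sb.append(c); // double quotes and backslashes
            sb.append(c);
        }
        return sb.append('\'').toString();
    }

    // Hypothetical binder: replaces each ? outside a quoted literal with an escaped parameter.
    // The template is trusted application code; only the parameters are untrusted.
    static String bind(String template, List<String> params) {
        StringBuilder out = new StringBuilder();
        boolean inLiteral = false;
        int next = 0;
        for (int i = 0; i < template.length(); i++) {
            char c = template.charAt(i);
            if (c == '\'') inLiteral = !inLiteral;
            if (c == '?' && !inLiteral) {
                if (next >= params.size()) throw new IllegalArgumentException("too few parameters");
                out.append(quoteLiteral(params.get(next++)));
            } else {
                out.append(c);
            }
        }
        if (next != params.size()) throw new IllegalArgumentException("too many parameters");
        return out.toString();
    }

    public static void main(String[] args) {
        String name = "O'Brien' OR 'a'='a"; // constructed input containing quote characters

        // Hand-built Statement text: the value can close the literal and add its own syntax.
        String concatenated = "SELECT id FROM users WHERE name = '" + name + "'";

        // Bound parameter: the value stays inside one literal whatever it contains.
        String bound = bind("SELECT id FROM users WHERE name = ?", List.of(name));

        System.out.println(concatenated);
        System.out.println(bound);
    }
}
```

Any path that lets a caller place text into the final query without going through `quoteLiteral` puts every parameter back into the set of code that has to be audited.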