Re: How does postgres handle non literal string values
From | Charles H. Woloszynski |
---|---|
Subject | Re: How does postgres handle non literal string values |
Date | |
Msg-id | 3DE39BC7.8000603@clearmetrix.com |
In response to | How does postgres handle non literal string values (monroy@mindspring.com (javaholic)) |
Responses | Re: How does postgres handle non literal string values |
List | pgsql-sql |
Actually, we use JDBC Prepared Statements for this type of work. You put a query with '?' in as placeholders and then add in the values and the library takes care of the encoding issues. This avoids the double encoding of (encode X as String, decode string and encode as SQL X on the line).

There was a good article about a framework that did this in JavaReport about 18 months ago. We have gleaned some ideas from that article to create a framework around using PreparedStatements as the primary interface to the database. I'd suggest looking at them. They really make your code much more robust.

Charlie

>"')..."
>
>You *will* want to escape the username and password otherwise I'll be able to
>come along and insert any values I like into your database. I can't believe
>the JDBC classes don't provide
>
>1. Some way to escape value strings
>2. Some form of placeholders to deal with this
>
>
>

--
Charles H. Woloszynski

ClearMetrix, Inc.
115 Research Drive
Bethlehem, PA 18015

tel: 610-419-2210 x400
fax: 240-371-3256
web: www.clearmetrix.com
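The placeholder approach described in the message above, as an added example that is not part of the original post: it inserts the same values once by string concatenation and once through '?' placeholders, and reports what ends up stored. It uses Python's built-in sqlite3 as a stand-in for JDBC and PostgreSQL because it runs without a server and uses the same '?' placeholder style; the `users` table, the function names and the sample inputs are assumptions constructed for the illustration.

```python
import sqlite3

# Constructed sample inputs (not from the original thread).
PLAIN = "O'Brien"                             # ordinary value containing a quote
CRAFTED = "mallory', 'chosen-by-input') --"   # value that closes the string early


def make_db():
    """In-memory database with a hypothetical users table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    return db


def insert_concatenated(db, username, password):
    """'Before' form: the values become part of the SQL text itself."""
    sql = ("INSERT INTO users (username, password) VALUES ('"
           + username + "', '" + password + "')")
    db.execute(sql)


def insert_prepared(db, username, password):
    """Placeholder form: the SQL text is fixed, the values travel separately."""
    db.execute("INSERT INTO users (username, password) VALUES (?, ?)",
               (username, password))


def stored_after(insert_fn, username, password):
    """Run one insert on a fresh database and report what ended up stored."""
    db = make_db()
    try:
        insert_fn(db, username, password)
    except sqlite3.Error as exc:
        return "rejected: " + type(exc).__name__
    return db.execute("SELECT username, password FROM users").fetchall()


if __name__ == "__main__":
    for name in (PLAIN, CRAFTED):
        for fn in (insert_concatenated, insert_prepared):
            print(fn.__name__, repr(name), "->", stored_after(fn, name, "pw"))
```

With concatenation, the ordinary value fails to parse and the crafted one decides what the password column contains; with placeholders both are stored verbatim as the username.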