Re: Prepared Statements
| От | Dmitry Tkach |
|---|---|
| Тема | Re: Prepared Statements |
| Дата | |
| Msg-id | 3F181511.70609@openratings.com обсуждение исходный текст |
| Ответ на | Re: Prepared Statements (Fernando Nasser <fnasser@redhat.com>) |
| Ответы |
Re: Prepared Statements
|
| Список | pgsql-jdbc |
> > Well, I guess the bug will have be fixed asap as it is a security risk. I am afraid, it will :-( That's exactly why, as I told you yesterday, I tried to avoid upgrading my driver versions too frequently - because of the 'bug fixes' like this, that break stuff.... > > What is the proper JDBC way for filling IN lists in prepared statements? I am afraid, there is no standard about it :-( Depends on the vendor... Most of them (not postgres) support SQLData - to let you define and pass in arbitrary types... Some (like infomirx for example... don't know about Oracle) have sets and arrays interchangeable - so that setObject (1, sqlArrayContainingIdsToMatch, Types.ARRAY) can be used... Some people are used to hacks, like one described in an earlier post - where yuo create a statement with an awful lot of questionmarks, and then set each member of the set separately and cross your fingers, hoping that you have enough placeholders for your whole set... Dima
В списке pgsql-jdbc по дате отправления: