
PreparedStatements with Oracle 8i....

 
SAFROLE YUTANI
I noticed that there is no need to escape special characters such as "'" when using PreparedStatements. In other words, the following code executes without error...
PreparedStatement st =
    connection.prepareStatement("INSERT INTO Product values (?, ?)");
st.setInt(1, 1);
st.setString(2, "Hello ' World");
st.execute();
I'm assuming that the Oracle driver is aware of escaping special characters in string arguments, but I know for a fact that if I use Statement instead of PreparedStatement, I get an SQLException complaining about a string termination error.
I just want to confirm with you guys that PreparedStatement actually escapes strings automatically.
SAF
 
Jamie Robertson
That's the best feature of PreparedStatements, they handle special characters for you. Your assumptions are correct.
Jamie
 
SAFROLE YUTANI
oh yeah, that's the bomb!
thanks jamie
SAF
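
The difference discussed in this thread, shown side by side as an added example (not code from any poster): the same quoted string inserted once by concatenating it into a Statement and once by binding it with a PreparedStatement. The class name, the command-line connection arguments and the assumption that Product has a numeric and a string column are illustrative; a JDBC driver must be on the classpath.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class QuoteBindingDemo {
    // Constructed sample value, same shape as the string in the question.
    static final String NAME = "Hello ' World";

    // Concatenation: the quote in the value closes the SQL literal early,
    // so the statement text itself is malformed and the database rejects it.
    static boolean insertConcatenated(Connection c, int id, String name) {
        String sql = "INSERT INTO Product VALUES (" + id + ", '" + name + "')";
        try (Statement st = c.createStatement()) {
            return st.executeUpdate(sql) == 1;
        } catch (SQLException e) {
            System.out.println("Statement rejected: " + e.getMessage());
            return false;
        }
    }

    // Binding: the SQL text contains only placeholders; the value is handed
    // to the driver as a parameter, not spliced into the statement by our code.
    static boolean insertBound(Connection c, int id, String name) throws SQLException {
        String sql = "INSERT INTO Product VALUES (?, ?)";
        try (PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setInt(1, id);
            ps.setString(2, name);
            return ps.executeUpdate() == 1;
        }
    }

    public static void main(String[] args) throws SQLException {
        // args[0..2]: JDBC URL, user, password (assumed; supply your own).
        try (Connection c = DriverManager.getConnection(args[0], args[1], args[2])) {
            c.setAutoCommit(false);
            System.out.println("concatenated: " + insertConcatenated(c, 1, NAME));
            c.rollback(); // clear the failed attempt before continuing
            System.out.println("bound:        " + insertBound(c, 2, NAME));
            try (Statement st = c.createStatement();
                 ResultSet rs = st.executeQuery("SELECT * FROM Product")) {
                while (rs.next()) System.out.println(rs.getInt(1) + " | " + rs.getString(2));
            }
            c.rollback(); // leave the table as it was
        }
    }
}
```

The read-back prints the stored string with its quote intact, and the final rollback means the demo leaves no rows behind.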
 