
PreparedStatement's with Oracle 8i....

 
SAFROLE YUTANI
Ranch Hand
Posts: 257
I noticed that there is no need to escape special characters such as "'" when using PreparedStatements. In other words, the following code executes without error...
PreparedStatement st =
    connection.prepareStatement("INSERT INTO Product values (?, ?)");
st.setInt(1, 1);
// The string value contains an unescaped apostrophe
st.setString(2, "Hello ' World");
st.execute();
I'm assuming that the Oracle driver is aware of escaping special characters in string arguments, but I know for a fact that if I use Statement instead of PreparedStatement, I get an SQLException complaining about a string termination error.
I just want to confirm with you guys that PreparedStatement actually escapes strings automatically.
SAF
 
Jamie Robertson
Ranch Hand
Posts: 1879
MySQL Database Suse
That's the best feature of PreparedStatements, they handle special characters for you. Your assumptions are correct.
Jamie
 
SAFROLE YUTANI
Ranch Hand
Posts: 257
oh yeah, that's the bomb!
thanks jamie
SAF
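
The behaviour discussed in this thread, as an added example that is not part of the original posts: the same value is inserted once through a concatenated Statement and once through a PreparedStatement, then read back to check that it was stored unchanged. The class name, the Product column names and the default H2 in-memory JDBC URL (with its driver on the classpath) are assumptions; pass another JDBC URL as the first argument to try a different database.

```java
import java.sql.*;

public class BindVsConcat {
    public static void main(String[] args) throws SQLException {
        // Assumption: a JDBC driver is on the classpath; H2 in-memory is the default.
        String url = args.length > 0 ? args[0] : "jdbc:h2:mem:demo";
        String name = "Hello ' World"; // the sample value from the thread

        try (Connection con = DriverManager.getConnection(url)) {
            try (Statement ddl = con.createStatement()) {
                // Column names are assumed; the thread only shows two positional values.
                ddl.execute("CREATE TABLE Product (id INT, name VARCHAR(100))");
            }

            // 1) Statement + concatenation: the apostrophe closes the literal early,
            //    so the database receives malformed SQL text.
            String sql = "INSERT INTO Product VALUES (1, '" + name + "')";
            try (Statement st = con.createStatement()) {
                st.execute(sql);
                System.out.println("concatenated: inserted (unexpected)");
            } catch (SQLException e) {
                System.out.println("concatenated: rejected, SQLState=" + e.getSQLState());
            }

            // 2) PreparedStatement: the SQL text is fixed and the value is bound
            //    to the placeholder as a parameter.
            try (PreparedStatement ps =
                     con.prepareStatement("INSERT INTO Product VALUES (?, ?)")) {
                ps.setInt(1, 1);
                ps.setString(2, name);
                ps.executeUpdate();
            }

            // 3) Read the row back and compare it with the original string.
            try (PreparedStatement q =
                     con.prepareStatement("SELECT name FROM Product WHERE id = ?")) {
                q.setInt(1, 1);
                try (ResultSet rs = q.executeQuery()) {
                    while (rs.next()) {
                        String stored = rs.getString(1);
                        System.out.println("stored: " + stored
                                + " (unchanged=" + name.equals(stored) + ")");
                    }
                }
            }
        }
    }
}
```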
 