On 12/21/05, Hassan Schroeder <hassan@stripped> wrote:
> Nathan Gross wrote:
> > Whoa! Let me verify. If I pass a qry string:
> > "SELECT Anyfield from Anytable where Anyfield = 'The man was 100% correct' "
> > to a Connector/J Statement (or PreparedStatement via parameters), the
> > driver will automatically [behind the scenes] escape the percent sign?
> Again, this is a function of *PreparedStatement*s. You'll also find
> references to them as you research "SQL injection attack" :-)