From:
Date: December 21 2005 9:52pm
Subject: Re: Cleaning illegal characters from varchar field
List-Archive: http://lists.mysql.com/mysql/193132
Message-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 12/21/05, Hassan Schroeder wrote:
> Nathan Gross wrote:
>
> > Woa! Let me verify. If I pass a qry string:
> > "SELECT Anyfield from Anytable where Anyfield = 'The man was 100% correct' "
> > to a Connector/J Statement (or PreparedStatement via parameters), the
> > driver will automatically [behind the scenes] escape the percent sign?
>
> Again, this is a function of *PreparedStatement*s. You'll also find
> references to them as you research "SQL injection attack" :-)
>

Will do.
Thanks;
-nat