On 12/21/05, Mark Matthews <mark@stripped> wrote:
>
> Nathan Gross wrote:
> > On 12/21/05, Hassan Schroeder <hassan@stripped> wrote:
> >> Nathan Gross wrote:
> >>
> >>>> /* hint: java.sql.PreparedStatement */
> >>> I thought we were talking about a MySQL-specific function, which would
> >>> not be in the vanilla j2se/j2ee pkg's. Actually, you know, I don't
> >>> even know exactly what function I need to be looking for!
> >> We're talking about escaping certain characters automatically, the
> >> capability provided by PreparedStatements, implemented in this case
> >> by Connector/J, which *is* MySQL-specific :-)
> > Whoa! Let me verify. If I pass a qry string:
> > "SELECT Anyfield from Anytable where Anyfield = 'The man was 100% correct' "
> > to a Connector/J Statement (or PreparedStatement via parameters), the
> > driver will automatically [behind the scenes] escape the percent sign?
> > If so, wow!
> > Thanks;
> > -nat
> >
>
> Nat,
>
> No, it does not escape "%", it only escapes quotes and binary data, just
> as any other prepared statement implementation from any vendor does.
>
> The '%' sign only has significance for the LIKE operator, so it doesn't
> come into play in your above SELECT statement.
True. However, after reviewing everything I learned via this thread, I
still do not know if I have to clean my data, or if, regardless of any
char within the varchar field, MySQL's finding mechanism will not
break, as long as I properly escape various characters in my SELECTs.
It seems like the latter is true, which is welcome news.
Thanks;
-nat
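
The distinction discussed in this thread, as an added example that is not part of the original messages or of Connector/J: a bound parameter needs no cleaning for an `=` comparison, while a `LIKE` search must neutralise `%` and `_` itself because the driver does not. The class and method names and the `!` escape character are assumptions chosen for illustration; `Anyfield` and `Anytable` are the placeholders used in the thread.

```java
import java.sql.*;
import java.util.*;

public class LikeEscapeExample {
    // Must match the ESCAPE '!' clause below; avoids relying on backslash-escape settings.
    private static final char ESC = '!';

    // Make text literal inside a LIKE pattern: escape %, _ and ESC itself.
    static String escapeLike(String text) {
        StringBuilder sb = new StringBuilder();
        for (char c : text.toCharArray()) {
            if (c == '%' || c == '_' || c == ESC) sb.append(ESC);
            sb.append(c);
        }
        return sb.toString();
    }

    // Equality: bind the value unchanged; '%' is an ordinary character with '='.
    static List<String> findExact(Connection conn, String value) throws SQLException {
        String sql = "SELECT Anyfield FROM Anytable WHERE Anyfield = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, value);
            return collect(ps);
        }
    }

    // Substring search: the driver quotes the parameter, we neutralise wildcards.
    static List<String> findContaining(Connection conn, String fragment) throws SQLException {
        String sql = "SELECT Anyfield FROM Anytable WHERE Anyfield LIKE ? ESCAPE '!'";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, "%" + escapeLike(fragment) + "%");
            return collect(ps);
        }
    }

    // Run the statement and gather the first column of every row.
    private static List<String> collect(PreparedStatement ps) throws SQLException {
        List<String> out = new ArrayList<>();
        try (ResultSet rs = ps.executeQuery()) {
            while (rs.next()) out.add(rs.getString(1));
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed input; shows the escaped pattern without needing a database.
        System.out.println(escapeLike("100% correct_answer!"));
    }
}
```

Without the escaping step, a search fragment such as `100%` would match any value containing `100`, since the trailing `%` would act as a wildcard rather than a literal percent sign.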