@ -8,7 +8,7 @@ import java.util.Vector;
import org.postgresql.largeobject.* ;
import org.postgresql.util.* ;
/ * $Header : / cvsroot / pgsql / src / interfaces / jdbc / org / postgresql / jdbc1 / Attic / AbstractJdbc1Statement . java , v 1 . 12 . 2 . 4 2003 / 04 / 17 04 : 19 : 5 5barry Exp $
/ * $Header : / cvsroot / pgsql / src / interfaces / jdbc / org / postgresql / jdbc1 / Attic / AbstractJdbc1Statement . java , v 1 . 12 . 2 . 5 2003 / 07 / 22 05 : 13 : 0 5barry Exp $
* This class defines methods of the jdbc1 specification . This class is
* extended by org . postgresql . jdbc2 . AbstractJdbc2Statement which adds the jdbc2
* methods . The real Statement class ( for jdbc1 ) is org . postgresql . jdbc1 . Jdbc1Statement
@ -913,22 +913,36 @@ public abstract class AbstractJdbc1Statement implements org.postgresql.PGStateme
{
sbuf . setLength ( 0 ) ;
sbuf . ensureCapacity ( x . length ( ) ) ;
int i ;
sbuf . append ( '\'' ) ;
for ( i = 0 ; i < x . length ( ) ; + + i )
{
char c = x . charAt ( i ) ;
if ( c = = '\\' | | c = = '\'' )
sbuf . append ( ( char ) '\\' ) ;
sbuf . append ( c ) ;
}
escapeString ( x , sbuf ) ;
sbuf . append ( '\'' ) ;
bind ( parameterIndex , sbuf . toString ( ) , type ) ;
}
}
}
private String escapeString ( String p_input ) {
// use the shared buffer object. Should never clash but this makes
// us thread safe!
synchronized ( sbuf )
{
sbuf . setLength ( 0 ) ;
sbuf . ensureCapacity ( p_input . length ( ) ) ;
escapeString ( p_input , sbuf ) ;
return sbuf . toString ( ) ;
}
}
private void escapeString ( String p_input , StringBuffer p_output ) {
for ( int i = 0 ; i < p_input . length ( ) ; + + i )
{
char c = p_input . charAt ( i ) ;
if ( c = = '\\' | | c = = '\'' )
p_output . append ( ( char ) '\\' ) ;
p_output . append ( c ) ;
}
}
/ *
* Set a parameter to a Java array of bytes . The driver converts this
* to a SQL VARBINARY or LONGVARBINARY ( depending on the argument ' s
@ -1342,7 +1356,7 @@ public abstract class AbstractJdbc1Statement implements org.postgresql.PGStateme
switch ( targetSqlType )
{
case Types . INTEGER :
bind ( parameterIndex , x . toString ( ) , PG_INTEGER ) ;
bind ( parameterIndex , escapeString ( x . toString ( ) ) , PG_INTEGER ) ;
break ;
case Types . TINYINT :
case Types . SMALLINT :
@ -1355,7 +1369,7 @@ public abstract class AbstractJdbc1Statement implements org.postgresql.PGStateme
if ( x instanceof Boolean )
bind ( parameterIndex , ( ( Boolean ) x ) . booleanValue ( ) ? "1" : "0" , PG_BOOLEAN ) ;
else
bind ( parameterIndex , x . toString ( ) , PG_NUMERIC ) ;
bind ( parameterIndex , escapeString ( x . toString ( ) ) , PG_NUMERIC ) ;
break ;
case Types . CHAR :
case Types . VARCHAR :
@ -1763,15 +1777,12 @@ public abstract class AbstractJdbc1Statement implements org.postgresql.PGStateme
}
/ *
* There are a lot of setXXX classes which all basically do
* the same thing . We need a method which actually does the
* set for us .
*
* @param paramIndex the index into the inString
* @param s a string to be stored
* @exception SQLException if something goes wrong
* Note if s is a String it should be escaped by the caller to avoid SQL
* injection attacks . It is not done here for efficency reasons as
* most calls to this method do not require escaping as the source
* of the string is known safe ( i . e . Integer . toString ( ) )
* /
protected void bind ( int paramIndex , Object s , String type ) throws SQLException
private void bind ( int paramIndex , Object s , String type ) throws SQLException
{
if ( paramIndex < 1 | | paramIndex > m_binds . length )
throw new PSQLException ( "postgresql.prep.range" ) ;
Barry Lind
23 years ago