Bug #33302 | Escaped character is escaped in PreparedStatement | ||
---|---|---|---|
Submitted: | 17 Dec 2007 23:27 | Modified: | 18 Dec 2007 1:50 |
Reporter: | James Casey | Email Updates: | |
Status: | Not a Bug | Impact on me: | |
Category: | MySQL Server: Prepared statements | Severity: | S2 (Serious) |
Version: | MySQL-Connector for Java 5.0.7 | OS: | Linux |
Assigned to: | CPU Architecture: | Any |
[17 Dec 2007 23:27]
James Casey
[18 Dec 2007 1:50]
Mark Matthews
PreparedStatement.setString() is not expecting to see "mysql escaped" characters, just "plain" Java Strings as per the JDBC specification (and ODBC specification which is was inspired by, and the SQL CLI, etc), so the rules for Java escaping apply, not the ones for MySQL. PreparedStatements do any (necessary) mysql-style escaping on your behalf before sending it to the backend.