Posted to dev@juddi.apache.org by Jin Tong <ni...@yahoo.com> on 2003/07/30 10:23:11 UTC

[juddi-Developers] jdbc query construction approaches

Hi:

I feel it is better to send to this list rather than the users list.

Well, I hit a bug in Systinet UDDI server (v4.5). When I was doing any kind of search using a string that contains "'" -- apostrophe, I got the SQL error. Apostrophes are not properly escaped in their SQL. This leads me to try out jUDDI. I found the same thing.

I realize in jUDDI all the SQL queries are built on the fly by appending the query parameters. It is going to be a long list of bug reports for this issue.

Using prepared statements might complicate the code even further, but it avoids the above special SQL character problem and will also help improve performance (I heard in the case of Oracle DB, e.g., their JDBC drivers will optimize for prepared statements). However, just to get it to work, some generic routine to properly escape all the SQL characters will also be fine.

Thanks,
--Jin
BTW, Systinet UDDI 4.5.2 seems to have resolved this SQL problem :)
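
Added example, not part of the original message and not jUDDI or Systinet code: a Python sqlite3 comparison of the three approaches the message discusses (appending the parameter to the query text, a generic escaping routine, and bound parameters). sqlite3's ? placeholder stands in here for a JDBC PreparedStatement parameter; the table, column and sample names are constructed for illustration.

```python
import sqlite3

# Constructed sample data; table and column names are hypothetical,
# not taken from the jUDDI schema.
NAMES = ["O'Reilly Media", "Joe's Garage", "Acme Corp"]

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE business_name (name TEXT)")
    conn.executemany("INSERT INTO business_name VALUES (?)", [(n,) for n in NAMES])
    return conn

def find_concat(conn, prefix):
    # Query text built by appending the parameter: an apostrophe in the
    # value closes the string literal early and the statement no longer parses.
    sql = "SELECT name FROM business_name WHERE name LIKE '" + prefix + "%'"
    return [row[0] for row in conn.execute(sql)]

def escape_literal(value):
    # Generic escaping routine: standard SQL writes ' inside a literal as ''.
    return value.replace("'", "''")

def find_escaped(conn, prefix):
    sql = ("SELECT name FROM business_name WHERE name LIKE '"
           + escape_literal(prefix) + "%'")
    return [row[0] for row in conn.execute(sql)]

def find_bound(conn, prefix):
    # Bound parameter: the value is sent separately from the SQL text,
    # so no character in it can alter the statement.
    sql = "SELECT name FROM business_name WHERE name LIKE ? || '%'"
    return [row[0] for row in conn.execute(sql, (prefix,))]

def demo():
    conn = open_db()
    results = {}
    try:
        results["concat"] = find_concat(conn, "O'R")
    except sqlite3.OperationalError as exc:
        results["concat"] = "error: " + str(exc)
    results["escaped"] = find_escaped(conn, "O'R")
    results["bound"] = find_bound(conn, "O'R")
    return results

if __name__ == "__main__":
    for approach, outcome in demo().items():
        print(approach, "->", outcome)
```

The escaping routine has to be applied at every place a query is assembled, while a bound parameter removes the problem at the statement level.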