java resultset.getstring(“col_name”)查询 [英] java resultset.getstring("col_name") query
问题描述
我有一个关于Java中的 ResultSet.getString()
方法的简单查询。
假设数据库列中的值具有 \
这是javas转义字符例如 \\\
或
\t
等
当我将值检索为 getString()
我看到一个更多的转义字符被添加,这个 \\\
的实际含义现在是字符串文字只有。
所以我不得不解压缩java,然后正确使用它。
I have a simple query regarding ResultSet.getString()
method in java for JDBC.
Suppose the value in the Database column is having a \
which is javas escape character e.g. \n
or \t
etc.
When i retrieve the value as getString()
i see one more escape character is getting added and the actual meaning of this \n
is now a string literal only.
So i had to unescape java and then use it properly.
String s= rs.getString("col_name");
当 s
包含`\\\
' :
When s
contains `\n':
System.out.println(s)
输出:
\n
使用apache进行解压缩后,常用 StringEscapeUtils
输出: / p>
After unescaping java using apache common StringEscapeUtils
output:
System.out.println("hi"+s+"hello");
hi
hello
我的问题是谁添加了这个额外的$ $ c> \ before unescaping?
对不起,如果这是一个愚蠢的问题。
My question is who is adding this extra \
before unescaping??
Sorry if it is a dumb question.
推荐答案
JDBC驱动程序不会在结果集
。如果这样做会是非常糟糕的。看看这个简单的例子:
The JDBC driver does no escaping in the ResultSet
. It would be very bad if it does. Look at this simple example:
数据库表 x
确实包含一列 value
。有两行:一个有两个字符的字符串('\'
和'n'
)和一个女巫一个字符串(换行符)。我已经向输出添加了一个字符串长度来进行说明。
The database table x
does contain one column value
. There are two rows: One with a two character string ('\'
and 'n'
) and one witch a one character string (the newline character). I've added a string-length to the output for clarification.
select *, length(value) from x;
value | length
-------+--------
\n | 2
+| 1
|
此表使用JDBC进行读取:
This table is read with JDBC:
Connection db = DriverManager.getConnection( /* these parameters are up to you */ );
Statement st = db.createStatement();
ResultSet rs = st.executeQuery("select value, length(value) from x");
while(rs.next()){
String value = rs.getString(1);
int length = rs.getInt(2);
System.out.println("length="+length+", value='"+value+"'");
}
你看到:到目前为止,没有显式转义到代码的任何地方。输出是:
You see: no explicit escaping anywhere in the code so far. And the output is:
length=2, value='\n'
length=1, value='
'
你看:还没有任何东西被转义 - JDBC。
You see: There is still nothing escaped - neither by the code nor by JDBC.
但是
如果您使用Java文字:如果你这样做:
Things get a bit murky if you mix in Java literals: If you do something like this:
st.execute("insert into x values ('\n')");
然后猜测发生了什么?您还有另一行一个字符!
then guess what happened? You have another row with one character!
length=2, value='\n'
length=1, value='
'
length=1, value='
'
这是因为Java 编译器将两个字符\转换为一个换行符。因此,JDBC驱动程序和数据库只能看到一个字符。
This is because the Java compiler translated the two characters '\n' into one newline character. Hence the JDBC driver and the database only see one character.
但是,如果您已经阅读了一些用户输入,用户将输入 \
和 n
然后没有人会撤销这个,行将包含两个字符。
But if you would have read some userinput and the user would have typed \
and n
then nobody would de-escape this and the row would have contained two characters.
下一步
你说,你使用 StringEscapeUtils
进行明确的转义。那么这将发生:
You say, you do explicit de-escaping using StringEscapeUtils
. Then this would happen:
- 具有一个字符的行将从DB传递到屏幕。
- 具有两个字符的行将由
StringEscapeUtils
更改为包含一个字符的字符串。之后两行看起来和你一样。
- The row with one character will pass unaltered from the DB up to the screen.
- The row with two characters will be changed by
StringEscapeUtils
into a string containing one characters. After that both row look like the same to you.
摘要
不要将编译器的String-Literal转义与JDBC进行转义(不会发生)。
Do not confuse String-Literal escaping by the compiler with escaping by JDBC (which won't happen).
不要添加不必要的转义图层。
Do not add unnecessary escaping layers.
这篇关于java resultset.getstring(“col_name”)查询的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!