I have a small program that manually creates queries. In pseudo code, it's basically done like this:

string[] a = new string[x];
a[0] = "data 1";
a[1] = "data 2";
a[2] = "data 3";
string query = "insert into x (y) values(";
for i {
    query += a[i] + ",";
}
query += ");";

I'm aware that this usage is sub-optimal and I should do a complete re-write at some point. Now I need to add some binary data to the a-array. Given a byte[] b, how can I add it to the query? I haven't tried, but I'm assuming that b.toString() or just query+=b is gonna corrupt my data?

+4  A: 

Don't put it in the SQL to start with. Use a parameterized query: it'll be a lot easier, and won't risk SQL injection attacks.

Jon Skeet
I know, I know. Call me lazy but right now I'd really like to "just get it to work". The whole script, which is much larger, is gonna need to be rewritten from scratch altogether in the future, but I would really like to get this to work without that.
Claes
@Claes: Doing it properly with a parameterized query is likely to be simpler than fudging it to do it the wrong way. Parameterized queries aren't hard to write. Also note that if you want *binary* data, starting with a string isn't a great idea.
Jon Skeet
Hang on, why am I upvoting Jon Skeet? Isn't his name actually pronounced 'Jon Upwards-pointing-orange-arrow-with-a-large-integer-next-to-it'?
Tom Anderson
@Tom: Ok, I can take a hint ;) I know that what I'm doing is wrong, I shall repent. Thanks Jon.
Claes
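
The parameterized insert recommended in the answer, as an added example that is not part of the original thread. It assumes Python's built-in `sqlite3` module with an in-memory database; table `x` and column `y` come from the question, while the function names and sample data are constructed for illustration.

```python
import sqlite3


def insert_values(conn, values):
    """Insert each value into x.y through a bound parameter.

    The driver sends the value separately from the SQL text, so a byte
    string is stored as a BLOB unchanged and quotes in text are inert.
    """
    conn.executemany("INSERT INTO x (y) VALUES (?)", [(v,) for v in values])
    conn.commit()


def fetch_values(conn):
    """Read the stored values back in insertion order."""
    return [row[0] for row in conn.execute("SELECT y FROM x ORDER BY rowid")]


def concatenated_literal(value):
    """For comparison only: the SQL text that string concatenation builds.

    The bytes are replaced by their printable rendering (the analogue of
    b.toString() in the question), so the original data is not what
    reaches the database.
    """
    return "insert into x (y) values(" + repr(value) + ");"


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE x (y)")
    # Constructed sample data: plain text, text containing a quote, and
    # bytes that include NUL, a quote, non-UTF-8 bytes, ';' and a newline.
    b = bytes([0x00, 0x27, 0xFF, 0xFE, 0x3B, 0x0A])
    a = ["data 1", "O'Brien", b]
    insert_values(conn, a)
    stored = fetch_values(conn)
    conn.close()
    return a, stored


if __name__ == "__main__":
    original, stored = demo()
    print("round trip intact:", stored == original)
    print("concatenated form:", concatenated_literal(original[2]))
```
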