james-server-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Richard O. Hammer" <ROHam...@EarthLink.net>
Subject escaping of SQL strings
Date Sat, 13 Dec 2003 16:53:19 GMT
When James stores message headers or other text in a database, I 
assume that it escapes the single-quote characters in those strings 
(and perhaps a few more characters as needed).  But my look at the 
code this morning does not find that functionality, so I wonder if it 
is happening somewhere I am not looking.

I am looking at these calls:
mailrepository.JDBCMailRepository.store(Mail), which
calls MimeMessageWrapper.writeTo(various)

and I don't see any escaping going on there.

Unfortunately I do not have a running copy of James with which to test 
this myself.

I stumbled into this question when, using my James-offshoot server, I 
sent a test message with a possessive (single quote) in the subject:
Subject: Friday's test
and it failed with
java.sql.SQLException: ERROR:  parser: parse error at or near "s"

So I have to be escaping my headers before I feed them into SQL, and I 
went looking in James for a good idea of a way to do it.  But I have 
not found it yet.

Assuming that James does this escaping, what method does it use?

Thank you,
Rich


---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org


Mime
View raw message