I’m using Statement’s executeUpdate and executeQuery. The string values I’m concatenating into the SQL query can contain at least the ' and \ characters as well as Unicode.
PreparedStatement seems to do this automatically, but is there some utility function in the JDBC library to escape an arbitrary string for use in a SQL query?
Example errors I’ve run into:
org.postgresql.util.PSQLException: ERROR: unterminated quoted string at or near
and
org.postgresql.util.PSQLException: ERROR: invalid Unicode escape
Hint: Unicode escapes must be \uXXXX or \UXXXXXXXX.
No, it’s not part of JDBC, and it’s different for different database management systems. You should really use PreparedStatement for queries with parameters. This is more secure and it can perform better since the query can be compiled. See 4.1. SQL Syntax – Lexical Structure in the PostgreSQL manual.
E.g.
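An added example (not the answer’s own code) that puts the concatenated Statement from the question next to the PreparedStatement version for both executeUpdate and executeQuery. The JDBC URL, credentials, the users table and the sample value are assumed placeholders, not taken from the question.

```java
import java.sql.*;

public class ParameterizedQueryExample {
    // Placeholder connection details (assumed, not from the question).
    private static final String URL = "jdbc:postgresql://localhost:5432/example_db";
    private static final String USER = "example_user";
    private static final String PASSWORD = "example_password";

    // Constructed sample value: a single quote, a backslash and non-ASCII text,
    // i.e. the characters that broke the concatenated queries in the question.
    private static final String SAMPLE_NAME = "O'Reilly \\ \u65e5\u672c\u8a9e";

    // The concatenating approach from the question. The quote in the value ends
    // the SQL string literal early ("unterminated quoted string"), and any text
    // after it is parsed as SQL rather than as data.
    static int insertByConcatenation(Connection conn, String name) throws SQLException {
        String sql = "INSERT INTO users (name) VALUES ('" + name + "')";
        try (Statement st = conn.createStatement()) {
            return st.executeUpdate(sql);
        }
    }

    // PreparedStatement: the value travels as a bound parameter and is never
    // spliced into the SQL text, so quotes, backslashes and Unicode need no
    // escaping and cannot alter the statement.
    static int insertWithParameter(Connection conn, String name) throws SQLException {
        String sql = "INSERT INTO users (name) VALUES (?)";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, name);
            return ps.executeUpdate();
        }
    }

    // The same principle applies to executeQuery.
    static boolean userExists(Connection conn, String name) throws SQLException {
        String sql = "SELECT 1 FROM users WHERE name = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        try (Connection conn = DriverManager.getConnection(URL, USER, PASSWORD)) {
            insertWithParameter(conn, SAMPLE_NAME);
            System.out.println("found: " + userExists(conn, SAMPLE_NAME));
        }
    }
}
```

Requires the PostgreSQL JDBC driver on the classpath and a reachable database with a users(name) table.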