You will notice queries are passed to the database as ordinary strings. This makes programming very easy. You can easily create queries by creating query strings:
char query_string[500];
char name[50];
int unique_id;
sprintf(query_string, "SELECT * FROM tab WHERE col = %d", unique_id);
res = PQexec(conn, query_string);
or
sprintf(query_string, "INSERT INTO tab VALUES (%d, '%s')", unique_id, name);
res = PQexec(conn, query_string);
You can see more examples in the programs in the previous section.
The result handle should be checked to make sure the query succeeded before continuing to access the result. In the last query, name is a character string variable. If it contains single quotes, you have to convert them to backslash-quote (\') or two single-quotes (''). If name contains backslashes, you have to convert them to double backslashes (\\).