Re: BUG #15474: Special character escape sequences need better documentation, or more easily found documentation

From: Mike Taylor <bubthegreat(at)gmail(dot)com>
To: andrew(at)tao11(dot)riddles(dot)org(dot)uk
Cc: pgsql-bugs(at)lists(dot)postgresql(dot)org
Subject: Re: BUG #15474: Special character escape sequences need better documentation, or more easily found documentation
Date: 2018-10-31 17:23:03
Message-ID: CAPMqW6uqaAf0o8D_U-fEwPBSZD7OPZ-QW6nsGkYv=0MxSL=e8A@mail.gmail.com
Lists: pgsql-bugs

tl;dr: If this is just an RTFM moment, then I'm happy to chalk it up to
that and move on with my life. :)

I'm coming from a background of devops (mostly python/C++), not database
administration, so this may be something that's fairly straightforward for
a different audience - but this wasn't clear to me as someone who's coming
into it from the outside. An obscure Stack Overflow answer is where I
landed on how to fix it rather than being able to find it in the
documentation, so I figured I'd submit it as an improvement request. If
I'm super off base on it not being clear, then feel free to close - but I
felt like the point of documentation is that it should answer those kinds
of questions rather than googling other places. Even just a link to the
documentation for those, as a "Looking for this? It's <here>" for the
special character documentation that David mentioned, would have been
extremely helpful IMHO.

On Wed, Oct 31, 2018 at 10:51 AM Andrew Gierth <andrew(at)tao11(dot)riddles(dot)org(dot)uk>
wrote:

> >>>>> "PG" == PG Bug reporting form <noreply(at)postgresql(dot)org> writes:
>
> PG> A simple table elaborating on the escapes for each special
> PG> character would be incredibly helpful at determining how to
> PG> translate those escapes for cleaning strings prior to insertion so
> PG> those of us using postgresql can quickly write cleaning functions
> PG> for data.
>
> If you're "writing cleaning functions" you're already making a serious
> mistake, because you should be passing data values as parameters (which
> do not require escapes) rather than interpolating into the query string.
>
> If you actually do need to interpolate into the query string for some
> reason (like doing COPY or other utility statement that doesn't support
> parameters), then you should be using the quote/escape functions
> provided by the driver for your client language (e.g. in libpq there is
> PQescapeStringConn).
>
> --
> Andrew (irc:RhodiumToad)
>

--
Mike Taylor
bubthegreat(at)gmail(dot)com
(801)913-9767
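
Added example, not part of the original thread: the quoted advice to pass data values as parameters instead of writing cleaning functions, shown in Python. It uses the standard-library sqlite3 driver as a stand-in so it runs without a PostgreSQL server (with psycopg2 the placeholder would be %s instead of ?); the function names and sample values are constructed for illustration.

```python
import sqlite3

# Constructed sample values containing characters people try to "clean".
SAMPLES = ["O'Brien", "back\\slash", "two\nlines", 'say "hi" at 100%']


def roundtrip_with_parameters(values):
    """Insert each value as a bound parameter and read it back unchanged."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)")
    # The SQL text is constant; the driver passes the values separately,
    # so no escaping or cleaning is applied to them.
    conn.executemany("INSERT INTO notes (body) VALUES (?)",
                     [(v,) for v in values])
    stored = [row[0] for row in
              conn.execute("SELECT body FROM notes ORDER BY id")]
    conn.close()
    return stored


def interpolated_insert_fails(value):
    """Build the statement by string formatting; report whether it breaks."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)")
    try:
        # The value becomes part of the SQL text, so an apostrophe in the
        # data ends the string literal early and the statement is rejected.
        conn.execute("INSERT INTO notes (body) VALUES ('%s')" % value)
        return False
    except sqlite3.Error:
        return True
    finally:
        conn.close()


if __name__ == "__main__":
    print(roundtrip_with_parameters(SAMPLES) == SAMPLES)
    print(interpolated_insert_fails("O'Brien"))
```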
