| From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | Ian Howle <Ian(at)qwizdom(dot)com> |
| Cc: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: BUG #2478: PQescapeStringConn |
| Date: | 2006-06-13 12:58:10 |
| Message-ID: | 200606131258.k5DCwAs19742@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Ian Howle wrote:
>
> The following bug has been logged online:
>
> Bug reference: 2478
> Logged by: Ian Howle
> Email address: Ian(at)qwizdom(dot)com
> PostgreSQL version: 8.1.4
> Operating system: Mac OS X 10.4.6
> Description: PQescapeStringConn
> Details:
>
> When inserting into a TEXT or VARCHAR() table field, single quotes are
> needed around the text. When using the PQescapeStringConn(), the beginning
> and ending single quotes are escaped, causing the INSERT statement to fail.
> I understand that this really isn't a bug and that the text being insterted
> into the database should be scanned using PQescapeStringConn() before adding
> the surrounding quotes.
>
> I have a single method that deals with inserting data into the database,
> which is called from many places throughout the application. It would be
> nice if PQescapeStringConn() did not escape beginning and ending quotes,
> just everything in between.
What if the string itself starts and ends with single quotes? How would
we know whether to escape them? What people usually do is to have the
single-quotes in their query, and just place the PQescapeStringConn()
inside those single quotes.
--
Bruce Momjian http://candle.pha.pa.us
EnterpriseDB http://www.enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2006-06-13 14:55:32 | Re: BUG #2477: Aggregate Integer divisors incorrectly yield integer-type quotient |
| Previous Message | Guy | 2006-06-12 20:09:24 | Compile Errors, 8.1.4 On Solaris 8 x86 |