Quick Links

Re: Backslash problems with 8.1.4

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Matthew Schumacher <matt(dot)s(at)aptalaska(dot)net>
Cc:	pgsql-general(at)postgresql(dot)org
Subject:	Re: Backslash problems with 8.1.4
Date:	2006-06-07 17:26:26
Message-ID:	3800.1149701186@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-general

Matthew Schumacher <matt(dot)s(at)aptalaska(dot)net> writes:
> I upgraded to postgres-8.1.4 and saw all of the backslash escape changes
> and understand why, but I can't figure out how to put a literal \' in
> the database.

You use the SQL-standard way, which is to repeat the quote mark:
'Meet at Joe''s house'

> The data is coming from PHP,

I have met your problem, and its name is addslashes(). Don't use it.
addslashes is exactly the security hole we are trying to plug.

regards, tom lane

In response to

Backslash problems with 8.1.4 at 2006-06-07 16:43:06 from Matthew Schumacher

Responses

Re: Backslash problems with 8.1.4 at 2006-06-07 17:44:33 from Matthew Schumacher

Browse pgsql-general by date

	From	Date	Subject
Next Message	Matthew Schumacher	2006-06-07 17:44:33	Re: Backslash problems with 8.1.4
Previous Message	Merlin Moncure	2006-06-07 17:20:17	Re: Import Data from MS SQL Server