Skip site navigation (1) Skip section navigation (2)

Quote problem

From: "Bart Degryse" <Bart(dot)Degryse(at)indicator(dot)be>
To: <pgsql-sql(at)postgresql(dot)org>
Subject: Quote problem
Date: 2007-07-06 14:14:34
Message-ID: 468E6A69.A3DD.0030.0@indicator.be (view raw or flat)
Thread:
Lists: pgsql-sql
Consider a perl function like this
CREATE OR REPLACE FUNCTION public.test(text) RETURNS VOID AS
$body$
  my $var = shift;
  spi_exec_query("INSERT INTO tbltest(field1) VALUES ('$var')");
$body$
LANGUAGE 'plperlu' VOLATILE;
and a table
CREATE TABLE tbltest (
  field1 text
) WITHOUT OIDS;
 
When I call the function like
SELECT test('Do this')
it works. But when I call it like
SELECT test('Don't do that')
it fails (of course). So I call it like
SELECT test('Don''t do that')
It still fails and I do understand why. But how do I solve it in the function?
Using a prepared statement would be a solution, like
  $sel = spi_prepare('SELECT test($1)', 'text');
  spi_exec_prepared($sel, $var);
But I need to get it solved without prepared statements.
What is the best approach considering that $var could contain both
single and double quotes?
Thanks
 
 
 
 
 

pgsql-sql by date

Next:From: Andrew SullivanDate: 2007-07-06 15:02:57
Subject: Re: select from table and add rows.
Previous:From: Gary StainburnDate: 2007-07-06 13:25:08
Subject: select from table and add rows.

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group