
Re: Escaping strings for inclusion into SQL queries

From: Christopher Masto <chris(at)netmonger(dot)net>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Escaping strings for inclusion into SQL queries
Date: 2001-08-23 18:09:24
Message-ID: 20010823140924.B31597@netmonger.net
Lists: pgsql-hackers

On Wed, Aug 22, 2001 at 05:16:44PM +0000, Florian Weimer wrote:
> We therefore suggest that a string escaping function is included in a
> future version of PostgreSQL and libpq.  A sample implementation is
> provided below, along with documentation.

I use Perl, which (through DBD::Pg) has a "quote" function available,
but I think this is a very good idea to include in the library.

I only have one issue - the SQL standard seems to support the use
of '' to escape a single quote, but not \'.  Though PostgreSQL has
an extended notion of character string literals, I think that the
usual policy of using the standard interface when possible should
apply.
-- 
Christopher Masto         Senior Network Monkey      NetMonger Communications
chris(at)netmonger(dot)net        info(at)netmonger(dot)net        http://www.netmonger.net

Free yourself, free your machine, free the daemon -- http://www.freebsd.org/
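
The portability point in the message above, as an added example (not part of the original e-mail and not the implementation proposed in the thread): a quoting routine that uses only the standard `''` form, and a small scanner that reads a literal under the standard rules and under backslash-extended rules. The names `quote_standard` and `scan_literal` are hypothetical, and the extended rules are simplified.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical helper: quote `in` as a literal by doubling each single
 * quote, the form the SQL standard defines. Caller frees the result. */
char *quote_standard(const char *in)
{
    char *out = malloc(2 * strlen(in) + 3); /* all doubled + 2 quotes + NUL */
    char *p = out;
    if (!out) return NULL;
    *p++ = '\'';
    for (; *in; in++) {
        if (*in == '\'') *p++ = '\'';
        *p++ = *in;
    }
    *p++ = '\'';
    *p = '\0';
    return out;
}

/* Hypothetical scanner: decode the literal at the start of `sql` into `val`
 * and return how many bytes of `sql` it occupies, or -1 if unterminated.
 * backslash != 0 selects the extended rules, simplified here to "\x means
 * x" (escapes such as \n are not modelled). */
int scan_literal(const char *sql, int backslash, char *val)
{
    const char *s = sql;
    if (*s++ != '\'') return -1;
    while (*s) {
        if (*s == '\'' && s[1] == '\'') { *val++ = '\''; s += 2; }
        else if (*s == '\'') { *val = '\0'; return (int)(s + 1 - sql); }
        else if (backslash && *s == '\\' && s[1]) { *val++ = s[1]; s += 2; }
        else *val++ = *s++;
    }
    return -1;
}

int main(void)
{
    const char *forms[] = { "'it''s'", "'it\\'s'" }; /* constructed inputs */
    char val[32];
    for (int i = 0; i < 2; i++)
        for (int ext = 0; ext < 2; ext++) {
            int n = scan_literal(forms[i], ext, val);
            printf("%-8s %-8s -> %d bytes, value [%s]\n", forms[i],
                   ext ? "extended" : "standard", n, n < 0 ? "" : val);
        }
    return 0;
}
```

Under the standard rules the `\'` form ends the literal after `it\`, leaving `s'` to be parsed as SQL, while the `''` form reads the same under both rule sets. Where backslash is an escape character, a backslash in the data must be escaped as well, since doubling quotes alone leaves `'a\'` unterminated.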
