From: | Saranya Sivakumar <sarlavk(at)yahoo(dot)com> |
---|---|
To: | pgsqlnovice <pgsql-novice(at)postgresql(dot)org> |
Subject: | function to escape single quotes |
Date: | 2005-08-24 13:39:41 |
Message-ID: | 20050824133941.19186.qmail@web51309.mail.yahoo.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-novice |
Hi,
I would like to write a PL/PGSQL function that would escape any occurence of single quotes in a string, and call this function before inserting the unescaped strings into some tables. Is this a good approach to make sure all strings are escaped before inserting into tables? I thought this would be a good idea as there would be a single point of control on escaping the strings.
For example, in our customer_data table we have the fields firstname,lastname, street etc. Some people's name have single quotes in them, and some people have addresses with single quotes in them. So I need to write a function that would take any string, see if it has a quote in it and escape it. Then, is it possible to write a trigger before inserting to call this function and then perform the insert??
Please give me some pointers on writing this function and creating the trigger.
Thanks,
Saranya
---------------------------------
Start your day with Yahoo! - make it your home page
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2005-08-24 15:13:59 | Re: function to escape single quotes |
Previous Message | Ennio-Sr | 2005-08-24 01:01:21 | Form to populate a pg table with data |