Skip site navigation (1) Skip section navigation (2)

Re: BUG #2478: PQescapeStringConn

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Ian Howle <Ian(at)qwizdom(dot)com>
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #2478: PQescapeStringConn
Date: 2006-06-13 12:58:10
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-bugs
Ian Howle wrote:
> The following bug has been logged online:
> Bug reference:      2478
> Logged by:          Ian Howle
> Email address:      Ian(at)qwizdom(dot)com
> PostgreSQL version: 8.1.4
> Operating system:   Mac OS X 10.4.6
> Description:        PQescapeStringConn
> Details: 
> When inserting into a TEXT or VARCHAR() table field, single quotes are
> needed around the text. When using the PQescapeStringConn(), the beginning
> and ending single quotes are escaped, causing the INSERT statement to fail.
> I understand that this really isn't a bug and that the text being insterted
> into the database should be scanned using PQescapeStringConn() before adding
> the surrounding quotes.
> I have a single method that deals with inserting data into the database,
> which is called from many places throughout the application. It would be
> nice if PQescapeStringConn() did not escape beginning and ending quotes,
> just everything in between.

What if the string itself starts and ends with single quotes?  How would
we know whether to escape them?  What people usually do is to have the
single-quotes in their query, and just place the PQescapeStringConn()
inside those single quotes.

  Bruce Momjian

  + If your life is a hard drive, Christ can be your backup. +

In response to

pgsql-bugs by date

Next:From: Tom LaneDate: 2006-06-13 14:55:32
Subject: Re: BUG #2477: Aggregate Integer divisors incorrectly yield integer-type quotient
Previous:From: GuyDate: 2006-06-12 20:09:24
Subject: Compile Errors, 8.1.4 On Solaris 8 x86

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group