Quick Links

Re: BUG #2228: escaped single quotes choke spi_exec_query in plperlu

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	"Michael Lush" <michael(at)galton(dot)ucl(dot)ac(dot)uk>
Cc:	pgsql-bugs(at)postgresql(dot)org
Subject:	Re: BUG #2228: escaped single quotes choke spi_exec_query in plperlu
Date:	2006-02-01 15:26:28
Message-ID:	410.1138807588@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-bugs

"Michael Lush" <michael(at)galton(dot)ucl(dot)ac(dot)uk> writes:
> CREATE OR REPLACE FUNCTION quote_bug(text) RETURNS text AS
> $$
> $data = $_[0];

> $sql = "SELECT *
> FROM test
> WHERE foo = '$data'";

> $rv_unique = spi_exec_query($sql);

It's hardly a bug that you get a syntax error when $data contains
a single quote. It's up to you to construct a well-formed query
string to give to spi_exec_query, and this code is not doing that.

regards, tom lane

In response to

BUG #2228: escaped single quotes choke spi_exec_query in plperlu at 2006-01-31 16:58:41 from Michael Lush

Responses

Re: BUG #2228: escaped single quotes choke spi_exec_query in at 2006-02-01 15:32:40 from michael

Browse pgsql-bugs by date

	From	Date	Subject
Next Message	Tom Lane	2006-02-01 15:28:04	Re: BUG #2229: Parsing error in Functions Grant Wizard
Previous Message	Tom Lane	2006-02-01 15:23:09	Re: BUG #2225: Backend crash -- BIG table