| From: | Matthew Schumacher <matt(dot)s(at)aptalaska(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Backslash problems with 8.1.4 |
| Date: | 2006-06-07 17:44:33 |
| Message-ID: | 44871081.6010209@aptalaska.net |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Tom Lane wrote:
> Matthew Schumacher <matt(dot)s(at)aptalaska(dot)net> writes:
>> I upgraded to postgres-8.1.4 and saw all of the backslash escape changes
>> and understand why, but I can't figure out how to put a literal \' in
>> the database.
>
> You use the SQL-standard way, which is to repeat the quote mark:
> 'Meet at Joe''s house'
>
>> The data is coming from PHP,
>
> I have met your problem, and its name is addslashes(). Don't use it.
> addslashes is exactly the security hole we are trying to plug.
>
> regards, tom lane
Thanks for the reply Tom, however I don't think you understand my issue.
I'm not using addslashes and I am using the SQL standard way to
escape a single quote. The problem is that I want to put a literal \'
inside the database. So if \ is no longer an escape character, and ''
is the SQL way to pass a literal ' then you would think that \'' would
put a literal \' into the database, however postgres rejects this and
spits out an error.
So the question isn't how to I escape ', the question is how do I insert
a literal \' into a varchar?
Thanks,
schu
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2006-06-07 17:46:50 | Re: Backslash problems with 8.1.4 |
| Previous Message | Tom Lane | 2006-06-07 17:26:26 | Re: Backslash problems with 8.1.4 |