| From: | Conrad Lender <crlender(at)gmail(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | standard_conforming_strings and pg_escape_string() |
| Date: | 2009-04-23 19:33:11 |
| Message-ID: | 49F0C277.6020805@gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hi.
I'm using PostgreSQL 8.3 with PHP's "pgsql" module (libpq 8.3.7). When
the server's standard_conforming_strings setting is off (this is
currently still the default, I believe), I use something like this to
escape strings:
if ($escWildcards) {
$str = strtr($str, array("%" => '\%', "_" => '\_'));
}
return "E'" . pg_escape_string($str) . "'";
I would like our database abstraction to be able to handle both settings
for standard_conforming_strings transparently, i.e. perform the escaping
according to the current DB server settings. Since pg_escape_string() is
aware of the current database connection, I had expected its behavior to
change accordingly:
no std strings:
x\y --> x\\y
with std strings:
x\y --> x\y
Unfortunately, this doesn't happen. Isn't pg_escape_string() the
preferred way to escape strings for PostgreSQL in PHP?
And finally, would it be safe to always use the E'\\' syntax, regardless
of how standard_conforming_strings is set on the server?
- Conrad
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ben Welsh | 2009-04-23 20:39:04 | OperationalError: FATAL: could not open file <filename>: Too many open files in system |
| Previous Message | Merlin Moncure | 2009-04-23 19:21:03 | Re: Dynamic SQL in Function |