michael <michael(at)galton(dot)ucl(dot)ac(dot)uk> writes:
> On Wed, 1 Feb 2006, Tom Lane wrote:
>> It's hardly a bug that you get a syntax error when $data contains
>> a single quote. It's up to you to construct a well-formed query
>> string to give to spi_exec_query, and this code is not doing that.
> As I understand it the input strings are correctly escaped
> INSERT INTO test VALUES ('No problem here');
> INSERT INTO test VALUES ('It''s a problem here');
> INSERT INTO test VALUES ('It\'s also a problem here');
Yeah, but by the time your trigger sees it, the data isn't escaped
anymore.
regards, tom lane