From: | Andrew Gierth <andrew(at)tao11(dot)riddles(dot)org(dot)uk> |
---|---|
To: | pgsql-bugs(at)lists(dot)postgresql(dot)org, bubthegreat(at)gmail(dot)com |
Subject: | Re: BUG #15474: Special character escape sequences need better documentation, or more easily found documentation |
Date: | 2018-10-31 16:51:43 |
Message-ID: | 87wopy5aj2.fsf@news-spur.riddles.org.uk |
Lists: | pgsql-bugs |

>>>>> "PG" == PG Bug reporting form <noreply(at)postgresql(dot)org> writes:

PG> A simple table elaborating on the escapes for each special
PG> character would be incredibly helpful at determining how to
PG> translate those escapes for cleaning strings prior to insertion so
PG> those of us using postgresql can quickly write cleaning functions
PG> for data.

If you're "writing cleaning functions" you're already making a serious
mistake, because you should be passing data values as parameters (which
do not require escapes) rather than interpolating into the query string.

If you actually do need to interpolate into the query string for some
reason (like doing COPY or other utility statement that doesn't support
parameters), then you should be using the quote/escape functions
provided by the driver for your client language (e.g. in libpq there is
PQescapeStringConn).

--
Andrew (irc:RhodiumToad)
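
The contrast drawn in the message above, as an added example that is not part of the original email or of PostgreSQL's code: a hand-written cleaning function spliced into the query text versus the same values passed as parameters. Assumptions: SQLite from the Python standard library stands in for PostgreSQL so the block runs offline, and `naive_clean`, the table `t` and the sample values are hypothetical and constructed.

```python
import sqlite3

# Constructed sample values with characters a hand-written cleaner has to get right.
SAMPLES = ["O'Brien", "C:\\temp\\new", '100% "quoted"', "line1\nline2"]

def naive_clean(value):
    """Hypothetical cleaning function: backslash-escape backslashes and quotes."""
    return value.replace("\\", "\\\\").replace("'", "\\'")

def roundtrip_interpolated(conn, value):
    """Clean the value, splice it into the SQL text, and read back what was stored."""
    sql = "INSERT INTO t(v) VALUES ('%s')" % naive_clean(value)
    try:
        rowid = conn.execute(sql).lastrowid
    except sqlite3.Error:
        return None  # the spliced statement no longer parses
    return conn.execute("SELECT v FROM t WHERE rowid = ?", (rowid,)).fetchone()[0]

def roundtrip_parameterized(conn, value):
    """Pass the value as a bound parameter; the SQL text never contains it."""
    rowid = conn.execute("INSERT INTO t(v) VALUES (?)", (value,)).lastrowid
    return conn.execute("SELECT v FROM t WHERE rowid = ?", (rowid,)).fetchone()[0]

def compare(values=SAMPLES):
    """Return (value, interpolated_ok, parameterized_ok) for each sample."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE t(v TEXT)")
    return [(v, roundtrip_interpolated(conn, v) == v,
             roundtrip_parameterized(conn, v) == v) for v in values]

if __name__ == "__main__":
    for value, interp_ok, param_ok in compare():
        print(f"{value!r:20} interpolated={interp_ok} parameterized={param_ok}")
```

Which values the cleaner breaks depends on the string-literal rules of the server that parses the statement; here backslash is not an escape character, so the added backslashes either end up in the stored data or make the statement unparseable, while the bound parameters round-trip unchanged.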