From: | "Gregory W Burnham" <gburnham(at)sfu(dot)ca> |
---|---|
To: | "S(dot)Ramaswamy" <srswamy(at)giasdl01(dot)vsnl(dot)net(dot)in>, "PETER PAULY" <ppauly(at)usa(dot)net> |
Cc: | <pgsql-sql(at)postgreSQL(dot)org> |
Subject: | Re: [SQL] Odd characters in inserted data... |
Date: | 1998-12-02 16:55:28 |
Message-ID: | 000401be1e14$927876a0$3d063a8e@apemantus.educ.sfu.ca |
Lists: | pgsql-sql |
>PETER PAULY wrote:
>
>> I'm using the "C" interface to write CGI code for a web application. I allow
>> the user to type data into a particular field, and am storing that data into a
>> field in a postgres database.
>>
>> The problem is, I have to filter the data that the user entered to remove any
>> single quotes and other odd characters so that my SQL command doesn't get
>> messed up. I'm building the command with printf and passing the filtered
>> data from the user as so:
>>
>> update tablename set comment = '%s' where .....
>>
>> And %s is substituted in the printf with the user data. If the user typed in a
>> single quote, it would cause havoc with the sql statement. My question is, is
>
>you should substitute single quote with two single quotes

You can also (keeping with 'C' tradition) substitute \' for the single quote.
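The quote-doubling fix from the thread, written out as an added C example (not code from any of the posters); the `tablename` and `id = 1` in the statement are placeholders standing in for the post's `where .....`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The pattern from the original post: raw user text pasted straight into
 * the quoted literal. Kept only to show the failure mode. */
int build_update_unsafe(char *out, size_t outsz, const char *comment)
{
    return snprintf(out, outsz,
                    "update tablename set comment = '%s' where id = 1", comment);
}

/* Escape text for use inside a single-quoted SQL literal by doubling every
 * single quote, as suggested in the thread. Returns a malloc'd buffer the
 * caller must free, or NULL on allocation failure. */
char *escape_sql_literal(const char *in)
{
    size_t n = strlen(in), quotes = 0;
    for (size_t i = 0; i < n; i++)
        if (in[i] == '\'') quotes++;
    char *out = malloc(n + quotes + 1);
    if (!out) return NULL;
    char *p = out;
    for (size_t i = 0; i < n; i++) {
        *p++ = in[i];
        if (in[i] == '\'') *p++ = '\'';   /* ' becomes '' */
    }
    *p = '\0';
    return out;
}

/* Hardened variant: escape first, then format. Returns what snprintf
 * returns, or -1 if escaping failed. */
int build_update_safe(char *out, size_t outsz, const char *comment)
{
    char *esc = escape_sql_literal(comment);
    if (!esc) return -1;
    int r = snprintf(out, outsz,
                     "update tablename set comment = '%s' where id = 1", esc);
    free(esc);
    return r;
}

int main(void)
{
    const char *user = "it's broken";   /* constructed sample input */
    char q[256];
    build_update_unsafe(q, sizeof q, user);
    printf("unsafe: %s\n", q);   /* literal ends at it' -> syntax error */
    build_update_safe(q, sizeof q, user);
    printf("safe:   %s\n", q);   /* ... comment = 'it''s broken' ... */
    return 0;
}
```

With libpq the same job is done by PQescapeStringConn, or avoided entirely by passing the value as a parameter to PQexecParams; doubling is also the portable choice, since a bare `\'` is not an escape inside an ordinary literal when standard_conforming_strings is on (the PostgreSQL default since 9.1).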