| From: | Christopher Masto <chris(at)netmonger(dot)net> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Escaping strings for inclusion into SQL queries |
| Date: | 2001-08-23 18:09:24 |
| Message-ID: | 20010823140924.B31597@netmonger.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Aug 22, 2001 at 05:16:44PM +0000, Florian Weimer wrote:
> We therefore suggest that a string escaping function is included in a
> future version of PostgreSQL and libpq. A sample implementation is
> provided below, along with documentation.
I use Perl, which (through DBD::Pg) has a "quote" function available,
but I think this is a very good idea to include in the library.
I only have one issue - the SQL standard seems to support the use
of '' to escape a single quote, but not \'. Though PostgreSQL has
an extended notion of character string literals, I think that the
usual policy of using the standard interface when possible should
apply.
--
Christopher Masto Senior Network Monkey NetMonger Communications
chris(at)netmonger(dot)net info(at)netmonger(dot)net http://www.netmonger.net
Free yourself, free your machine, free the daemon -- http://www.freebsd.org/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2001-08-23 18:44:19 | Re: [JDBC] New backend functions? [was Re: JDBC changes for 7.2... some questions...] |
| Previous Message | jason.ory | 2001-08-23 17:47:01 | Toast, Text, blob bytea Huh? |