On 21.01.02 11:42 +0100(+0000), Jordi wrote:
> Is there any way to change the start/end of Text field character or do you
> know a better workaround to avoid parsing/changing all the text fields just
> in case they contain the single quote ( ') character??.
>
In case the data comes from outside you *must* escape it. Libpq defines a
function for it called PQescapeString. Consider what would happen if you
had code like this:
char buf[BUF_SIZE];
snprintf(buf,BUF_SIZE,"SELECT * FROM mytable WHERE field='%s';",string_from_user);
PQexec(con,buf);
now lets say the user would enter a value like
0';DELETE FROM mytable;SELECT '1
and the db would see
SELECT * FROM mytable WHERE field='0';DELETE FROM mytable;SELECT '1';
- Einar Karttunen