| From: | Martijn van Oosterhout <kleptog(at)svana(dot)org> |
|---|---|
| To: | Peter <peter(at)greatnowhere(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Weird double single quote issue |
| Date: | 2006-11-02 14:12:36 |
| Message-ID: | 20061102141236.GA2516@svana.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Thu, Nov 02, 2006 at 01:35:41PM +0200, Peter wrote:
> It is like the weirdest thing ever...
>
> I have a proc that dynamically generates SQL, executes it and returns
> results as setof record. Some of fields are strings with single quotes
> inside them. Since these strings are being picked up from database I
> store them as:
<snip>
Not quite sure, but maybe some users are using inline parameters and
some are using out of line parameters? The quoting rules only apply to
inline paramaters.
In any case, it appears someone is screwing up the quoting somewhere...
Note that there are quoting functions to help create dynamic sql
safely.
Have a nice day,
--
Martijn van Oosterhout <kleptog(at)svana(dot)org> http://svana.org/kleptog/
> From each according to his ability. To each according to his ability to litigate.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Martijn van Oosterhout | 2006-11-02 14:14:24 | Re: compiling c-function on various version |
| Previous Message | Ron Johnson | 2006-11-02 14:08:12 | Re: Grouping My query |