| From: | Bill Moran <wmoran(at)potentialtech(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: How to escape to quotes on Insert into? |
| Date: | 2011-12-21 21:04:36 |
| Message-ID: | 20111221160436.b6bc529c.wmoran@potentialtech.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
In response to Andre Lopes <lopes80andre(at)gmail(dot)com>:
> Hi,
>
> I need to escape quotes on an insert into that have a quote like this:
>
> http://host.com/cond'nast
>
> How can I escape " ' " on an insert into?
It depends:
The best way is to pass the string as a parametrized query, then you don't
have to escape anything.
The second best way is to use the string escape function for whatever
language your programming in.
If you don't have either of those available, you should reconsider your
choice of language/client library, as writing your own escape functions is
bad news.
If you're forced to write the raw SQL statements for some reason, you
escape ' with a second ', so:
INSERT INTO tablename (colname) VALUES ('http://host.com/cond''nast');
--
Bill Moran
http://www.potentialtech.com
http://people.collaborativefusion.com/~wmoran/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Culley Harrelson | 2011-12-21 21:06:59 | Re: design help for performance |
| Previous Message | Andre Lopes | 2011-12-21 20:57:17 | How to escape to quotes on Insert into? |