| From: | Jean-Luc Lachance <jllachan(at)nsd(dot)ca> |
|---|---|
| To: | Martijn van Oosterhout <kleptog(at)svana(dot)org> |
| Cc: | MT <mt(at)open2web(dot)com>, pgsql-general <pgsql-general(at)postgresql(dot)org>, Carlos Moreno <moreno(at)mochima(dot)com> |
| Subject: | Re: UPDATE syntax problem |
| Date: | 2002-12-09 16:36:46 |
| Message-ID: | 3DF4C69E.CF9BACDF@nsd.ca |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Just to keep it clean, replace the last character with space before
adding "WHERE ...".
Martijn van Oosterhout wrote:
>
> On Sat, Dec 07, 2002 at 02:32:48PM -0500, MT wrote:
> > Hi,
> >
> > I'm developing a C++ script to update postgresql database records. The
> > user interacts with the script via an html form. That is, the user is
> > presented with the data from a particular record in an html form and
> > asked to update any number of fields in that record.
> >
> > To perform a multiple column update in postgres one does:
> >
> > UPDATE tablename
> > SET column1 = 'blahblah',
> > column2 = 'moreblahblah',
> > column3 = 1234
> > WHERE id = 555;
>
> Heh, my cheap and hacky why is to end each column = value clause with a
> comma. Then i finish it off with a "id=id WHERE ...". That clause becomes a
> noop and the syntax is fine.
>
> Oh yeah, check out the SQL injection attacks. Nasty :)
> --
> Martijn van Oosterhout <kleptog(at)svana(dot)org> http://svana.org/kleptog/
> > Support bacteria! They're the only culture some people have.
>
> ------------------------------------------------------------------------
> Part 1.2Type: application/pgp-signature
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Steve Crawford | 2002-12-09 16:56:21 | Re: bug? |
| Previous Message | pginfo | 2002-12-09 15:55:24 | Re: pg 7.3 memory error |