Re: [PROPOSAL] DML value format

From: Michael Glaesemann <grzm(at)seespotcode(dot)net>
To: Alejandro Torras <atec_post(at)yahoo(dot)es>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: [PROPOSAL] DML value format
Date: 2007-08-10 14:04:45
Message-ID: 97567662-EA91-43A4-9D10-2FD01A1C8649@seespotcode.net
Lists: pgsql-general


On Aug 10, 2007, at 5:56 , Alejandro Torras wrote:

> Is there some way to put values in an INSERT statement
> without taking care of apostrophes?
>
> For example:
> INSERT INTO persons VALUES ('Harry', 'O'Callaghan');

This is pretty much a solved problem: don't interpolate into SQL
statements. Use bind parameters (and prepared statements, if you have
them) instead. For example:

sth = dbh.prepare "INSERT INTO persons (given_name, family_name)
VALUES (?, ?)"
sth.execute("Harry", "O'Callaghan")

Michael Glaesemann
grzm seespotcode net
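
The contrast described in the message above, as an added example that is not part of the original post: the same rows are inserted once by pasting values into the SQL text and once with bind parameters. It assumes Python's built-in sqlite3 module as an offline stand-in for PostgreSQL and the post's dbh/sth driver; the function names and all sample values except the first are constructed for illustration.

```python
import sqlite3

# Constructed sample values (only the first comes from the question).
SAMPLE_PEOPLE = [
    ("Harry", "O'Callaghan"),      # the name from the question
    ("Pat", "O''Neil"),            # two apostrophes: parses, but is stored altered
    ("Quinn", 'Why? "Because"'),   # placeholder character and double quotes as data
]

def open_db():
    # Assumption: in-memory SQLite stands in for PostgreSQL so this runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE persons (given_name TEXT, family_name TEXT)")
    return conn

def insert_interpolated(conn, given, family):
    # The "before": values are pasted into the SQL text, so quoting is the caller's problem.
    conn.execute("INSERT INTO persons VALUES ('%s', '%s')" % (given, family))

def insert_bound(conn, given, family):
    # Bind parameters: the SQL text is constant and the values are passed separately.
    conn.execute(
        "INSERT INTO persons (given_name, family_name) VALUES (?, ?)",
        (given, family),
    )

def stored_family(conn, given):
    row = conn.execute(
        "SELECT family_name FROM persons WHERE given_name = ?", (given,)
    ).fetchone()
    return row[0] if row else None

def compare(insert):
    """Insert every sample with `insert` and report what happened to each value."""
    conn = open_db()
    outcome = {}
    for given, family in SAMPLE_PEOPLE:
        try:
            insert(conn, given, family)
        except sqlite3.Error:
            outcome[given] = "rejected"   # statement no longer parses
            continue
        same = stored_family(conn, given) == family
        outcome[given] = "intact" if same else "altered"
    conn.close()
    return outcome

if __name__ == "__main__":
    print("interpolated:", compare(insert_interpolated))
    print("bound:       ", compare(insert_bound))
```

The "altered" case is the one to watch for in practice: the interpolated statement runs without error, but the stored value no longer matches the input.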
