From: | Michael Glaesemann <grzm(at)seespotcode(dot)net> |
---|---|
To: | Osvaldo Rosario Kussama <osvaldo_kussama(at)yahoo(dot)com(dot)br> |
Cc: | Alejandro Torras <atec_post(at)yahoo(dot)es>, pgsql-general(at)postgresql(dot)org |
Subject: | Re: [PROPOSAL] DML value format |
Date: | 2007-08-13 16:28:11 |
Message-ID: | 9E224F0B-8CB3-4475-A5EB-EE942235038C@seespotcode.net |
Lists: | pgsql-general |
On Aug 13, 2007, at 11:21 , Osvaldo Rosario Kussama wrote:

> Dollar-Quoted String Constants?
> http://www.postgresql.org/docs/8.2/interactive/sql-syntax-lexical.html#SQL-SYNTAX-CONSTANTS
>
> INSERT INTO persons VALUES ($$Harry$$, $$O'Callaghan$$);

Do not interpolate values into SQL literals, regardless of which
literal syntax you're using. Use bind parameters.

> Perhaps use quote_literal() function?
> http://www.postgresql.org/docs/8.2/interactive/functions-string.html

If you're writing a database adapter, maybe. Otherwise, use bind
parameters. They're easier and you shouldn't have to worry about
always remembering to use quote_literal.

Michael Glaesemann
grzm seespotcode net
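
The difference between interpolated literals and bind parameters discussed in this message, as an added example that is not part of the original e-mail or of PostgreSQL. Assumptions: Python's built-in `sqlite3` stands in for a PostgreSQL driver so the block runs offline (its placeholder is `?`), the `persons` column names and the sample values are constructed, and `literal_body` only models the rule that a `$$...$$` literal ends at the next `$$`.

```python
import sqlite3

# Constructed sample values: an apostrophe and a "$$" both occur in ordinary data.
SAMPLES = [("Harry", "O'Callaghan"), ("Cash", "Big$$Spender")]

def dollar_quoted(value):
    """Interpolate a value into a dollar-quoted literal, as in the quoted INSERT."""
    return "$$" + value + "$$"

def literal_body(literal):
    """Return what the lexer reads: the literal ends at the first '$$' after the opener."""
    if not literal.startswith("$$"):
        raise ValueError("not a $$-quoted literal")
    return literal[2:literal.index("$$", 2)]

def survives_dollar_quoting(value):
    """True only if the value comes back unchanged from its own $$ literal."""
    return literal_body(dollar_quoted(value)) == value

def insert_interpolated(conn, first, last):
    """Single-quoted interpolation; returns the error text if the statement breaks."""
    try:
        conn.execute(f"INSERT INTO persons VALUES ('{first}', '{last}')")
        return None
    except sqlite3.Error as exc:
        return str(exc)

def insert_bound(conn, first, last):
    """Bind parameters: values travel separately from the SQL text, no quoting needed."""
    conn.execute("INSERT INTO persons VALUES (?, ?)", (first, last))

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE persons (first_name TEXT, last_name TEXT)")
    errors = [insert_interpolated(conn, f, l) for f, l in SAMPLES]
    conn.execute("DELETE FROM persons")  # start clean for the bound inserts
    for f, l in SAMPLES:
        insert_bound(conn, f, l)
    rows = conn.execute(
        "SELECT first_name, last_name FROM persons ORDER BY rowid").fetchall()
    return errors, rows

if __name__ == "__main__":
    print(demo())
    print([survives_dollar_quoting(last) for _, last in SAMPLES])
```

Each literal syntax has some ordinary value that breaks it (the apostrophe for single quotes, `$$` for dollar quoting), while the bound inserts store every sample verbatim.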