From: | "Ian Harding" <ianh(at)tpchd(dot)org> |
---|---|
To: | <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: UPDATE syntax problem |
Date: | 2002-12-09 14:32:52 |
Message-ID: | sdf4395c.056@mail.tpchd.org |
Lists: | pgsql-general |
Using pltcl...
I just strip the comma, if it's there, when I'm all done with the " col = 'value' " bit.
string trimright $sql {,}
We all have our cheap hacks to bear....
The built-in [quote $value] in pltcl is handy for fending off injection attacks.
>>> Martijn van Oosterhout <kleptog(at)svana(dot)org> 12/09/02 02:51AM >>>
On Sat, Dec 07, 2002 at 02:32:48PM -0500, MT wrote:
> Hi,
>
> I'm developing a C++ script to update postgresql database records. The
> user interacts with the script via an html form. That is, the user is
> presented with the data from a particular record in an html form and
> asked to update any number of fields in that record.
>
> To perform a multiple column update in postgres one does:
>
> UPDATE tablename
> SET column1 = 'blahblah',
> column2 = 'moreblahblah',
> column3 = 1234
> WHERE id = 555;
Heh, my cheap and hacky way is to end each column = value clause with a
comma. Then I finish it off with a "id=id WHERE ...". That clause becomes a
noop and the syntax is fine.
Oh yeah, check out the SQL injection attacks. Nasty :)
--
Martijn van Oosterhout <kleptog(at)svana(dot)org> http://svana.org/kleptog/
> Support bacteria! They're the only culture some people have.
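
Added example, not code from any of the posters: one way to build the multi-column UPDATE discussed in this thread from C++ so that no trailing comma is produced and no form value is pasted into the SQL text. `build_update` and `UpdateStmt` are hypothetical names, and the table name is assumed to be a constant chosen by the program, not user input.

```cpp
#include <set>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

// Statement text with $n placeholders, plus the values to bind in order.
struct UpdateStmt {
    std::string sql;
    std::vector<std::string> params;
};

// Hypothetical helper. `allowed` is the fixed set of column names the form may
// change; `fields` holds the submitted (column, value) pairs; `id` is the row key.
UpdateStmt build_update(
        const std::string& table,  // assumed to be a program constant
        const std::set<std::string>& allowed,
        const std::vector<std::pair<std::string, std::string>>& fields,
        const std::string& id) {
    UpdateStmt out;
    std::string set_clause;
    for (const auto& f : fields) {
        // Identifiers cannot be bound as parameters, so accept only known names.
        if (!allowed.count(f.first))
            throw std::invalid_argument("unknown column: " + f.first);
        // The separator goes before every item except the first, so there is
        // never a trailing comma to strip or to pad with "id=id".
        if (!set_clause.empty()) set_clause += ", ";
        out.params.push_back(f.second);
        set_clause += f.first + " = $" + std::to_string(out.params.size());
    }
    if (set_clause.empty())
        throw std::invalid_argument("no columns to update");
    // The row id is bound like any other value.
    out.params.push_back(id);
    out.sql = "UPDATE " + table + " SET " + set_clause +
              " WHERE id = $" + std::to_string(out.params.size());
    return out;
}
```

The returned text and values are in the form libpq's `PQexecParams` accepts, so the values travel separately from the statement and a quote character in a form field stays data.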