| From: | Florian Weimer <Florian(dot)Weimer(at)RUS(dot)Uni-Stuttgart(dot)DE> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Re: Escaping strings for inclusion into SQL queries |
| Date: | 2001-08-23 20:17:05 |
| Message-ID: | tgg0aio7jy.fsf@mercury.rus.uni-stuttgart.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Christopher Masto <chris(at)netmonger(dot)net> writes:
> I only have one issue - the SQL standard seems to support the use
> of '' to escape a single quote, but not \'. Though PostgreSQL has
> an extended notion of character string literals, I think that the
> usual policy of using the standard interface when possible should
> apply.
The first version escaped ' with ''. I changed it when I noticed that
if \' is used instead, the same function can be used for strings
('...') and identifiers ("...").
In addition, you have to replace \ with \\, so you are forced
to leave the grounds of the standard anyway.
--
Florian Weimer Florian(dot)Weimer(at)RUS(dot)Uni-Stuttgart(dot)DE
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2001-08-23 20:25:32 | Re: Remove --enable-syslog? |
| Previous Message | Ned Wolpert | 2001-08-23 20:03:39 | Re: [JDBC] New backend functions? [was Re: JDBC changes for 7.2. |