On Wed, 2005-04-20 at 13:05, David Gagnon wrote:
> Hi Scott,
>
>
> >I would generally scrub the input before it goes to PostgreSQL. Basically
> >do a simple string_replace type function that replaces anything that
> >ISN'T alphanum with nothing.
> >
> >
> >
> If I change the original string the user may not get what he expects as a
> result. abc[d] is not the same thing as abcd... am I right?
Then replace it with properly escaped strings:
abc[d] becomes abc\[d\]
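
Added example, not part of the original message: the two suggestions in this thread (strip versus escape) compared on the `abc[d]` input. It assumes the value ends up as a PostgreSQL regular-expression pattern (the `~` operator), which the excerpt does not state. Python's `re` stands in for server-side matching, and the table and column in the query string are hypothetical.

```python
import re

# Hypothetical query: the pattern is passed as a bound parameter, so its
# backslashes are not reinterpreted by SQL string-literal parsing.
QUERY = "SELECT name FROM items WHERE name ~ %s"

# Constructed sample rows standing in for the table contents.
ROWS = ["abc[d]", "abcd", "abc"]


def scrub(user_input: str) -> str:
    """First suggestion: drop every character that is not alphanumeric."""
    return re.sub(r"[^A-Za-z0-9]", "", user_input)


def escape_regex(user_input: str) -> str:
    """Second suggestion: keep every character, but put a backslash in
    front of each non-alphanumeric ASCII character. In a PostgreSQL
    advanced regular expression, backslash plus a non-alphanumeric
    character matches that character literally."""
    out = []
    for ch in user_input:
        if ch.isascii() and not ch.isalnum():
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def matching_rows(pattern: str, rows=ROWS) -> list:
    """Stand-in for running QUERY with `pattern` bound to the parameter."""
    return [r for r in rows if re.search(pattern, r)]


if __name__ == "__main__":
    user_input = "abc[d]"
    for label, pattern in [
        ("raw", user_input),
        ("scrubbed", scrub(user_input)),
        ("escaped", escape_regex(user_input)),
    ]:
        print(f"{label:9} {pattern!r:14} -> {matching_rows(pattern)}")
```

Only the escaped pattern returns the row the user actually typed; the raw and scrubbed patterns both return `abcd` instead.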