The Hermit Hacker <scrappy@hub.org> writes:
> MySQl has 'mysql_escape_string' in it's client library. Does Pg have
> something like that?
libpq doesn't provide any such function --- perhaps it should, but
on the other hand the amount of code involved is pretty tiny, and
issues like memory allocation/freeing would complicate the definition
of the function.
> if not, what should be escaped?
When generating quoted strings for use in SQL commands, you should
prefix single-quote (') and backslash (\) characters with a backslash.
I think that's all.
COPY IN/OUT data has a different set of rules. There, you can but
don't have to backslash single quotes. You do need to convert returns
and tabs into \n and \t, and of course backslash itself must be doubled.
(If you are using some other character than tab as the field delimiter,
then it'd need backslashing instead.)
Data returned by libpq after a SELECT is not quoted at all.
regards, tom lane
