Home > mailing lists

Re: Escaping strings for inclusion into SQL queries - Mailing list pgsql-hackers

From	Christopher Masto
Subject	Re: Escaping strings for inclusion into SQL queries
Date	August 23, 2001 17:46:58
Msg-id	20010823140924.B31597@netmonger.net Whole thread Raw
In response to	Escaping strings for inclusion into SQL queries (Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>)
Responses	Re: Re: Escaping strings for inclusion into SQL queries
List	pgsql-hackers

Tree view

On Wed, Aug 22, 2001 at 05:16:44PM +0000, Florian Weimer wrote:
> We therefore suggest that a string escaping function is included in a
> future version of PostgreSQL and libpq.  A sample implementation is
> provided below, along with documentation.

I use Perl, which (through DBD::Pg) has a "quote" function available,
but I think this is a very good idea to include in the library.

I only have one issue - the SQL standard seems to support the use
of '' to escape a single quote, but not \'.  Though PostgreSQL has
an extended notion of character string literals, I think that the
usual policy of using the standard interface when possible should
apply.
-- 
Christopher Masto         Senior Network Monkey      NetMonger Communications
chris@netmonger.net        info@netmonger.net        http://www.netmonger.net

Free yourself, free your machine, free the daemon -- http://www.freebsd.org/

pgsql-hackers by date:

From: jason.ory@ndchealth.com
Date: 23 August 2001, 17:33:34
Subject: Toast, Text, blob bytea Huh?

From: Peter Eisentraut
Date: 23 August 2001, 18:02:20
Subject: Re: A couple items on TODO

Re: Escaping strings for inclusion into SQL queries - Mailing list pgsql-hackers

Previous

Next