Re: BUG #2228: escaped single quotes choke spi_exec_query in - Mailing list pgsql-bugs

On Wed, 1 Feb 2006, Tom Lane wrote:

> michael <michael@galton.ucl.ac.uk> writes:
> > On Wed, 1 Feb 2006, Tom Lane wrote:
> >> It's hardly a bug that you get a syntax error when $data contains
> >> a single quote.  It's up to you to construct a well-formed query
> >> string to give to spi_exec_query, and this code is not doing that.
>
> > As I understand it the  input strings are correctly escaped
>
> > INSERT INTO test VALUES ('No problem here');
> > INSERT INTO test VALUES ('It''s a problem here');
> > INSERT INTO test VALUES ('It\'s also a problem here');
>
> Yeah, but by the time your trigger sees it, the data isn't escaped
> anymore.

The light dawns,  Thankyou very much for clearing that up for me!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Michael John Lush PhD            Tel:44-20-7679-5027
Nomenclature Bioinformatician        Fax:44-20-7387-3496
HUGO Gene Nomenclature Committee    Email:  nome@galton.ucl.ac.uk
The Galton Laboratory
University College London, UK
URL: http://www.gene.ucl.ac.uk/nomenclature/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~