Home > mailing lists

Re: How to escape to quotes on Insert into? - Mailing list pgsql-general

From	Bill Moran
Subject	Re: How to escape to quotes on Insert into?
Date	December 21, 2011 20:05:06
Msg-id	20111221160436.b6bc529c.wmoran@potentialtech.com Whole thread Raw
In response to	How to escape to quotes on Insert into? (Andre Lopes <lopes80andre@gmail.com>)
Responses	Re: How to escape to quotes on Insert into? (Andre Lopes <lopes80andre@gmail.com>)
List	pgsql-general

Tree view

In response to Andre Lopes <lopes80andre@gmail.com>:

> Hi,
>
> I need to escape quotes on an insert into that have a quote like this:
>
> http://host.com/cond'nast
>
> How can I escape " ' " on an insert into?

It depends:

The best way is to pass the string as a parametrized query, then you don't
have to escape anything.

The second best way is to use the string escape function for whatever
language your programming in.

If you don't have either of those available, you should reconsider your
choice of language/client library, as writing your own escape functions is
bad news.

If you're forced to write the raw SQL statements for some reason, you
escape ' with a second ', so:
INSERT INTO tablename (colname) VALUES ('http://host.com/cond''nast');

--
Bill Moran
http://www.potentialtech.com
http://people.collaborativefusion.com/~wmoran/

pgsql-general by date:

From: Andre Lopes
Date: 21 December 2011, 19:57:35
Subject: How to escape to quotes on Insert into?

From: Culley Harrelson
Date: 21 December 2011, 20:07:17
Subject: Re: design help for performance

Re: How to escape to quotes on Insert into? - Mailing list pgsql-general

Previous

Next