Hi,
I don't know what programming language you are using but there's
surely a function named quote which will do that for you.
With perl DBI you can use it like this :
quote :
Quote a string literal for use as a literal value in an SQL statement
by
escaping any special characters (such as quotation marks) contained
within the string and adding the required type of outer quotation
marks.
$sql = $dbh->quote($string);
Regards
Gilles DAROLD
Oleg Lebedev wrote:
> Hello,
> I am using postgresql to store data passed from a web page. A user may
> enter whatever text she wants on that web page. Do I have to prepend all
> the illegal characters in the text with backslashes before storing the
> text in the database? Is there any way to make postgresql prepend these
> illegal characters for me?
> Example:
> I have an entry 'foo/bar' in a database table (it was stored as
> 'foo/bar' NOT as 'foo\/bar', when I try to search for all rows that
> contain entry 'foo/bar', I get no results.
> Any help will be greatly appreciated.
> Thanks
