Home > mailing lists

Re: BUG #2228: escaped single quotes choke spi_exec_query in plperlu - Mailing list pgsql-bugs

From	Tom Lane
Subject	Re: BUG #2228: escaped single quotes choke spi_exec_query in plperlu
Date	February 1, 2006 14:26:28
Msg-id	410.1138807588@sss.pgh.pa.us Whole thread Raw
In response to	BUG #2228: escaped single quotes choke spi_exec_query in plperlu ("Michael Lush" <michael@galton.ucl.ac.uk>)
Responses	Re: BUG #2228: escaped single quotes choke spi_exec_query in
List	pgsql-bugs

Tree view

"Michael Lush" <michael@galton.ucl.ac.uk> writes:
> CREATE OR REPLACE FUNCTION quote_bug(text) RETURNS text AS
> $$
>    $data = $_[0];

>    $sql = "SELECT *
>              FROM test
>             WHERE foo = '$data'";

>    $rv_unique = spi_exec_query($sql);

It's hardly a bug that you get a syntax error when $data contains
a single quote.  It's up to you to construct a well-formed query
string to give to spi_exec_query, and this code is not doing that.

            regards, tom lane

pgsql-bugs by date:

From: Tom Lane
Date: 01 February 2006, 14:23:09
Subject: Re: BUG #2225: Backend crash -- BIG table

From: Tom Lane
Date: 01 February 2006, 14:28:06
Subject: Re: BUG #2229: Parsing error in Functions Grant Wizard

Re: BUG #2228: escaped single quotes choke spi_exec_query in plperlu - Mailing list pgsql-bugs

Previous

Next