http://www.postgresql.org/docs/8.3/interactive/sql-syntax-lexical.html#SQL-SYNTAX-CONSTANTS

Either of:

* double the quote (e.g. 'Peter''s')
* use backslash escape (e.g. E'Peter\'s', note the "E" prefix that means the string is an escape string)
* use $-quoting (e.g. $x$Peter's$x$)
* if you are working with some external interfaces, use the appropriate escaping function they provide (for instance in libpq: PQescapeStringConn - http://www.postgresql.org/docs/8.3/interactive/libpq-exec.html#LIBPQ-EXEC-ESCAPE-STRING, PHP: pg-escape-string - http://ru2.php.net/manual/en/function.pg-escape-string.php)
* use PQexecParams (http://www.postgresql.org/docs/8.3/interactive/libpq-exec.html) or its wrappers (as pg_exec_params in PHP)
* use prepared statements: http://www.postgresql.org/docs/8.3/interactive/sql-prepare.html or PQprepare - http://www.postgresql.org/docs/8.3/interactive/libpq-exec.html#LIBPQ-EXEC-MAIN
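
The quoting forms and the SQL-level prepared statement from the list above, as an added example that is not part of the original message. The table name `people`, the statement name `add_note` and the sample values are hypothetical.

```sql
-- Constructed example for a psql session; all names and values are hypothetical.
CREATE TEMP TABLE people (id serial PRIMARY KEY, note text);

-- The same value written with each of the three literal forms.
INSERT INTO people (note) VALUES ('Peter''s');     -- doubled quote
INSERT INTO people (note) VALUES (E'Peter\'s');    -- escape string (E prefix);
                                                   -- \' can be rejected depending
                                                   -- on the backslash_quote setting
INSERT INTO people (note) VALUES ($x$Peter's$x$);  -- dollar quoting with tag "x"

-- All three rows hold the identical 7-character string Peter's.
SELECT id, note, length(note) AS len FROM people ORDER BY id;

-- Dollar quoting takes quotes, backslashes and semicolons literally.
-- The only requirement is that the tag ($q$ here) does not occur in the value.
INSERT INTO people (note) VALUES ($q$it's a\b; -- stored as text$q$);

-- SQL-level prepared statement: $1 is a typed placeholder, so the value
-- is never spliced into the INSERT text.
PREPARE add_note (text) AS
    INSERT INTO people (note) VALUES ($1);

-- The argument to EXECUTE is still a literal in SQL text and still needs
-- one of the quoting forms above. Only PQexecParams / PQprepare (and their
-- wrappers) send the value separately from the statement, which removes
-- the need for quoting altogether.
EXECUTE add_note ('O''Brien');
EXECUTE add_note ($q$O'Brien$q$);

-- The last two rows are the same 7-character string O'Brien.
SELECT id, note, length(note) AS len FROM people ORDER BY id;

DEALLOCATE add_note;
DROP TABLE people;
```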