Re: How to escape to quotes on Insert into? - Mailing list pgsql-general

From Andre Lopes
Subject Re: How to escape to quotes on Insert into?
Date
Msg-id CAGFRAbNLH24tzb31YOQO_3ELPesGGb96qL9pY0W-wJYDAF9naQ@mail.gmail.com
Whole thread Raw
In response to Re: How to escape to quotes on Insert into?  (Bill Moran <wmoran@potentialtech.com>)
List pgsql-general
Thanks for your help. It is working.

Best Regards,

On Wed, Dec 21, 2011 at 9:04 PM, Bill Moran <wmoran@potentialtech.com> wrote:
> In response to Andre Lopes <lopes80andre@gmail.com>:
>
>> Hi,
>>
>> I need to escape quotes on an insert into that have a quote like this:
>>
>> http://host.com/cond'nast
>>
>> How can I escape " ' " on an insert into?
>
> It depends:
>
> The best way is to pass the string as a parametrized query, then you don't
> have to escape anything.
>
> The second best way is to use the string escape function for whatever
> language your programming in.
>
> If you don't have either of those available, you should reconsider your
> choice of language/client library, as writing your own escape functions is
> bad news.
>
> If you're forced to write the raw SQL statements for some reason, you
> escape ' with a second ', so:
> INSERT INTO tablename (colname) VALUES ('http://host.com/cond''nast');
>
> --
> Bill Moran
> http://www.potentialtech.com
> http://people.collaborativefusion.com/~wmoran/
>
> --
> Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-general

pgsql-general by date:

Previous
From: Culley Harrelson
Date:
Subject: Re: design help for performance
Next
From: Xiaoning Xu
Date:
Subject: [partition table] python fetchall or fetchone function can not get the returning rows