Re: BUG #15474: Special character escape sequences need betterdocumentation, or more easily found documentation - Mailing list pgsql-bugs

From Mike Taylor
Subject Re: BUG #15474: Special character escape sequences need betterdocumentation, or more easily found documentation
Date
Msg-id CAPMqW6u_RW25s4fHuGE4wkgLJYJ-_BdFbA4oz-9d=nneyuaGEA@mail.gmail.com
Whole thread Raw
In response to Re: BUG #15474: Special character escape sequences need betterdocumentation, or more easily found documentation  (Mike Taylor <bubthegreat@gmail.com>)
List pgsql-bugs
btw - You guys are super responsive. Very nice to experience

On Wed, Oct 31, 2018 at 11:23 AM Mike Taylor <bubthegreat@gmail.com> wrote:
tl;dr: If this is just an RTFM moment, then I'm happy to chalk it up to that and move on with my life. :)

I'm coming from a background of devops (mostly python/C++), not database administration, so this may be something that's fairly straightforward for a different audience - but this wasn't clear to me as someone who's coming into it from the outside.  An obscure stackoverflow answer is where I landed how to fix it rather than being able to find it in the documentation, so I figured I'd submit it as an improvement request.  If I'm super off base on it not being clear, then feel free to close - but I felt like the point of documentation is that it should answer those kinds of questions rather than googling other places.  Even just a link to the documentation for those would be very helpful as a "Looking for this?  It's <here>" for the special character documentation that David mentioned would have been extremely helpful IMHO.










On Wed, Oct 31, 2018 at 10:51 AM Andrew Gierth <andrew@tao11.riddles.org.uk> wrote:
>>>>> "PG" == PG Bug reporting form <noreply@postgresql.org> writes:

 PG> A simple table elaborating on the escapes for each special
 PG> character would be incredibly helpful at determining how to
 PG> translate those escapes for cleaning strings prior to insertion so
 PG> those of us using postgresql can quickly write cleaning functions
 PG> for data.

If you're "writing cleaning functions" you're already making a serious
mistake, because you should be passing data values as parameters (which
do not require escapes) rather than interpolating into the query string.

If you actually do need to interpolate into the query string for some
reason (like doing COPY or other utility statement that doesn't support
parameters), then you should be using the quote/escape functions
provided by the driver for your client language (e.g. in libpq there is
PQescapeStringConn).

--
Andrew (irc:RhodiumToad)


--
Mike Taylor
bubthegreat@gmail.com
(801)913-9767


--
Mike Taylor
bubthegreat@gmail.com
(801)913-9767

pgsql-bugs by date:

Previous
From: Mike Taylor
Date:
Subject: Re: BUG #15474: Special character escape sequences need betterdocumentation, or more easily found documentation
Next
From: "David G. Johnston"
Date:
Subject: Re: BUG #15474: Special character escape sequences need betterdocumentation, or more easily found documentation