On Fri, 9 Feb 2001, Oleg Lebedev wrote:
> I am using postgresql to store data passed from a web page. A user may
> enter whatever text she wants on that web page. Do I have to prepend all
> the illegal characters in the text with backslashes before storing the
> text in the database? Is there any way to make postgresql prepend these
> illegal characters for me?
> Example:
> I have an entry 'foo/bar' in a database table (it was stored as
> 'foo/bar' NOT as 'foo\/bar', when I try to search for all rows that
> contain entry 'foo/bar', I get no results.
> Any help will be greatly appreciated.
What programming interface are you using for the form? Most usually
provide some sort of escaping mechanism before you insert data into the
database. Otherwise, you can write your own validation functions (which
you should do any way, to make sure users aren't doing bad things) to
escape funncy characters (single quotes, slashes, etc.).
-- Brett
http://www.chapelperilous.net/~bmccoy/
---------------------------------------------------------------------------
This is National Non-Dairy Creamer Week.
