Re: Re: Escaping strings for inclusion into SQL queries - Mailing list pgsql-hackers

From Florian Weimer
Subject Re: Re: Escaping strings for inclusion into SQL queries
Date
Msg-id tgg0aio7jy.fsf@mercury.rus.uni-stuttgart.de
In response to Re: Escaping strings for inclusion into SQL queries  (Christopher Masto <chris@netmonger.net>)
Responses Re: Re: Escaping strings for inclusion into SQL queries
List pgsql-hackers
Christopher Masto <chris@netmonger.net> writes:

> I only have one issue - the SQL standard seems to support the use
> of '' to escape a single quote, but not \'.  Though PostgreSQL has
> an extended notion of character string literals, I think that the
> usual policy of using the standard interface when possible should
> apply.

The first version escaped ' with ''.  I changed it when I noticed that
if \' is used instead, the same function can be used for strings
('...') and identifiers ("...").

In addition, you have to replace \ with \\, so you are forced
to leave the grounds of the standard anyway.

-- 
Florian Weimer                       Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898
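
As an added example (not part of the original message or of PostgreSQL's code), the two quoting schemes discussed above written as one bounds-checked C routine. `escape_sql` and its parameters are hypothetical names; the code assumes an ASCII-compatible encoding such as UTF-8 and a server that treats backslash as an escape character inside string literals.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not a libpq function. Writes an escaped copy of `in`
 * to `out` and returns its length, or -1 if `out` is too small.
 * use_backslash = 0: the quote is doubled ('' as in the SQL standard).
 * use_backslash = 1: the quote is prefixed with a backslash (\').
 * A backslash is doubled in both modes (assumption: the server treats
 * backslash as an escape inside the literal). `quote` is a parameter because
 * the reply reuses one routine for '...' and "..."; only the string-literal
 * case is exercised here. */
static long escape_sql(const char *in, char quote, int use_backslash,
                       char *out, size_t outsz)
{
    size_t o = 0;

    for (; *in != '\0'; in++) {
        char c = *in;
        int special = (c == quote || c == '\\');

        /* Room for this character (1 or 2 bytes) plus the final NUL. */
        if (o + (special ? 2 : 1) + 1 > outsz)
            return -1;  /* never truncate: a cut-off escape is unsafe */
        if (special)
            out[o++] = (c == quote && !use_backslash) ? quote : '\\';
        out[o++] = c;
    }
    if (o + 1 > outsz)
        return -1;      /* empty input still needs room for the NUL */
    out[o] = '\0';
    return (long)o;
}

int main(void)
{
    /* Constructed sample input containing both special characters. */
    const char *sample = "O'Reilly \\ Co";
    char buf[64];

    if (escape_sql(sample, '\'', 0, buf, sizeof buf) >= 0)
        printf("doubled quote : '%s'\n", buf);
    if (escape_sql(sample, '\'', 1, buf, sizeof buf) >= 0)
        printf("backslash     : '%s'\n", buf);
    return 0;
}
```

In application code, bound parameters or libpq's `PQescapeStringConn`, which takes the connection's encoding into account, are preferable to a hand-written routine.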

