Thread: Escaping in C-language functions
Hello,
i have a C-language function and need to escape some strings returned
from SPI_getvalue to insert into another query string.
Is there a proper way to do the escaping or should i use
my own functions for that?
Or i'm totally wrong and there's a better way to get the values
from a row and insert it into another table?
Best regards
--
Andreas 'ads' Scherbaum
Andreas Scherbaum wrote: > Hello, > > i have a C-language function and need to escape some strings returned > from SPI_getvalue to insert into another query string. > Is there a proper way to do the escaping or should i use > my own functions for that? > Or i'm totally wrong and there's a better way to get the values > from a row and insert it into another table? > > > Best regards > If you are using 7.2, see section 1.3.2. (Escaping strings for inclusion in SQL queries) at: http://www.us.postgresql.org/users-lounge/docs/7.2/postgres/libpq-exec.html If you are using < 7.2, you'll have to create your own function. See fe-exec.c in current sources for the 7.2 function. Hope this helps, Joe
Joe Conway wrote: > > Andreas Scherbaum wrote: > > Hello, > > > > i have a C-language function and need to escape some strings returned > > from SPI_getvalue to insert into another query string. > > Is there a proper way to do the escaping or should i use > > my own functions for that? > > Or i'm totally wrong and there's a better way to get the values > > from a row and insert it into another table? > If you are using 7.2, see section 1.3.2. (Escaping strings for inclusion > in SQL queries) at: > http://www.us.postgresql.org/users-lounge/docs/7.2/postgres/libpq-exec.html > > If you are using < 7.2, you'll have to create your own function. See > fe-exec.c in current sources for the 7.2 function. I'm inside a C-language function (on the server side), not inside a application written in C. Best regards -- Andreas 'ads' Scherbaum
Andreas Scherbaum wrote: > Joe Conway wrote: > >>Andreas Scherbaum wrote: >> >>>Hello, >>> >>>i have a C-language function and need to escape some strings returned >>>from SPI_getvalue to insert into another query string. >>>Is there a proper way to do the escaping or should i use >>>my own functions for that? >>>Or i'm totally wrong and there's a better way to get the values >>>from a row and insert it into another table? >> > >>If you are using 7.2, see section 1.3.2. (Escaping strings for inclusion >>in SQL queries) at: >>http://www.us.postgresql.org/users-lounge/docs/7.2/postgres/libpq-exec.html >> >>If you are using < 7.2, you'll have to create your own function. See >>fe-exec.c in current sources for the 7.2 function. > > > I'm inside a C-language function (on the server side), not inside a > application written in C. > Oops, sorry. I guess I should have inferred that from SPI_getvalue. I don't know of anything in the backend to help you, but I suppose you could cut-and-paste from fe-exec.c Joe
Joe Conway wrote: > Andreas Scherbaum wrote: > > Joe Conway wrote: > > > >>Andreas Scherbaum wrote: > >> > >>>Hello, > >>> > >>>i have a C-language function and need to escape some strings returned > >>>from SPI_getvalue to insert into another query string. > >>>Is there a proper way to do the escaping or should i use > >>>my own functions for that? > >>>Or i'm totally wrong and there's a better way to get the values > >>>from a row and insert it into another table? > >> > > > >>If you are using 7.2, see section 1.3.2. (Escaping strings for inclusion > >>in SQL queries) at: > >>http://www.us.postgresql.org/users-lounge/docs/7.2/postgres/libpq-exec.html > >> > >>If you are using < 7.2, you'll have to create your own function. See > >>fe-exec.c in current sources for the 7.2 function. > > > > > > I'm inside a C-language function (on the server side), not inside a > > application written in C. > > > > Oops, sorry. I guess I should have inferred that from SPI_getvalue. I > don't know of anything in the backend to help you, but I suppose you > could cut-and-paste from fe-exec.c There is a builtin function quote_literal(text) returns text That'll do. Jan -- #======================================================================# # It's easier to get forgiveness for being wrong than for being right. # # Let's break this rule - forgive me. # #================================================== JanWieck@Yahoo.com # _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
Jan Wieck wrote: > > >>>i have a C-language function and need to escape some strings returned > > >>>from SPI_getvalue to insert into another query string. > > >>>Is there a proper way to do the escaping or should i use > > >>>my own functions for that? > > >>>Or i'm totally wrong and there's a better way to get the values > > >>>from a row and insert it into another table? > > >> > > > > > >>If you are using 7.2, see section 1.3.2. (Escaping strings for inclusion > > >>in SQL queries) at: > > >>http://www.us.postgresql.org/users-lounge/docs/7.2/postgres/libpq-exec.html > > >> > > >>If you are using < 7.2, you'll have to create your own function. See > > >>fe-exec.c in current sources for the 7.2 function. > > > > > > > > > I'm inside a C-language function (on the server side), not inside a > > > application written in C. [...] > There is a builtin function > > quote_literal(text) returns text Any idea (or a short example code) how to use this function inside a trigger function written in C? The value is returned from SPI_getbinval (Datum) or SPI_getvalue (char i think). But in the last method i have a problem with \0. Best regards -- Andreas 'ads' Scherbaum