Thread: How to escape to quotes on Insert into?

How to escape to quotes on Insert into?

From
Andre Lopes
Date:
Hi,

I need to escape quotes on an insert into that have a quote like this:

http://host.com/cond'nast

How can I escape " ' " on an insert into?

Best Regards,
André.

Re: How to escape to quotes on Insert into?

From
Bill Moran
Date:
In response to Andre Lopes <lopes80andre@gmail.com>:

> Hi,
>
> I need to escape quotes on an insert into that have a quote like this:
>
> http://host.com/cond'nast
>
> How can I escape " ' " on an insert into?

It depends:

The best way is to pass the string as a parametrized query, then you don't
have to escape anything.

The second best way is to use the string escape function for whatever
language your programming in.

If you don't have either of those available, you should reconsider your
choice of language/client library, as writing your own escape functions is
bad news.

If you're forced to write the raw SQL statements for some reason, you
escape ' with a second ', so:
INSERT INTO tablename (colname) VALUES ('http://host.com/cond''nast');

--
Bill Moran
http://www.potentialtech.com
http://people.collaborativefusion.com/~wmoran/

Re: How to escape to quotes on Insert into?

From
Andre Lopes
Date:
Thanks for your help. It is working.

Best Regards,

On Wed, Dec 21, 2011 at 9:04 PM, Bill Moran <wmoran@potentialtech.com> wrote:
> In response to Andre Lopes <lopes80andre@gmail.com>:
>
>> Hi,
>>
>> I need to escape quotes on an insert into that have a quote like this:
>>
>> http://host.com/cond'nast
>>
>> How can I escape " ' " on an insert into?
>
> It depends:
>
> The best way is to pass the string as a parametrized query, then you don't
> have to escape anything.
>
> The second best way is to use the string escape function for whatever
> language your programming in.
>
> If you don't have either of those available, you should reconsider your
> choice of language/client library, as writing your own escape functions is
> bad news.
>
> If you're forced to write the raw SQL statements for some reason, you
> escape ' with a second ', so:
> INSERT INTO tablename (colname) VALUES ('http://host.com/cond''nast');
>
> --
> Bill Moran
> http://www.potentialtech.com
> http://people.collaborativefusion.com/~wmoran/
>
> --
> Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-general