Thread: missing quote_string - function

missing quote_string - function

From
tomcat@meinsenf.at
Date:
Hi,

I'm new to postgresql (used MySQL before)!
I'm looking for a function to quote a query-string!
There's a function in MySQL (eg in PHP:
http://www.php.net/manual/en/function.mysql-escape-string.php) - is there
nothing in postgresql's JDBC???

thanks
michi



Re: missing quote_string - function

From
"Dave Cramer"
Date:
Hmmmm....

That's an interesting problem I will have to check to see if we are
vulnerable to that example

On the upside, if you use a prepared statement you won't have to do
anything, the string will be quoted for you


Dave

-----Original Message-----
From: pgsql-jdbc-owner@postgresql.org
[mailto:pgsql-jdbc-owner@postgresql.org] On Behalf Of tomcat@meinsenf.at
Sent: November 7, 2001 6:31 PM
To: pgsql-jdbc@postgresql.org
Subject: [JDBC] missing quote_string - function


Hi,

I'm new to postgresql (used MySQL before)!
I'm looking for a function to quote a query-string!
There's a function in MySQL (eg in PHP:
http://www.php.net/manual/en/function.mysql-escape-string.php) - is
there
nothing in postgresql's JDBC???

thanks
michi



---------------------------(end of broadcast)---------------------------
TIP 4: Don't 'kill -9' the postmaster