Thread: ERROR: unterminated quoted string... help

Hi

I'm trying to insert encrypted data into the database and I'm noticing
error dealing with quotes. Below is the error print out...

suggestions and/or at least point me in the direction to find a solution,

Thanks,
J



INSERT INTO sample.users (user_name, first_name) VALUES
('jokers', '=ïµiF!¶6(ÖŸã�¾óˆÌ‘'-Iw‰iDÖiJÐÿ† %')

Warning: pg_query() [function.pg-query]: Query failed: ERROR:
unterminated quoted string at or near "'=ïµi" at character 68 in
/usr/local/apache2/htdocs/php/5/Theirry_DB.php on line 162

Scott Marlowe wrote:

>
>Use a bytea field and use pg_escape_bytea() to prepare the data for
>insertion.
>
>
>
Thanks Scott, I will try it now.

J

On 2005-05-17 14:15:53 -0400 (Tue, May), Postgres Admin wrote:
> Hi
>
> I'm trying to insert encrypted data into the database and I'm noticing
> error dealing with quotes. Below is the error print out...
>
> suggestions and/or at least point me in the direction to find a solution,
>
> Thanks,
> J
>
> INSERT INTO sample.users (user_name, first_name) VALUES
> ('jokers', '=??iF!?6(Ö????ó???'-Iw?iDÖiJ??? %')
>
> Warning: pg_query() [function.pg-query]: Query failed: ERROR:
> unterminated quoted string at or near "'=??i" at character 68 in
> /usr/local/apache2/htdocs/php/5/Theirry_DB.php on line 162

You should pass the encrypted data thru pg_escape_string() function.
You surely should do it with almost EVERY string that you put as an
argument in a query, especially if it comes from 'outside'.

$query = "INSERT INTO .... ('jokers','" .  pg_escape_string($encrypted) . "');" ;

--
bashian roulette:
 $ ((RANDOM%6)) || rm -rf ~

Hi,

On 5/17/05, Postgres Admin <postgres@productivitymedia.com> wrote:
> I'm trying to insert encrypted data into the database and I'm noticing
> error dealing with quotes. Below is the error print out...
>
> suggestions and/or at least point me in the direction to find a solution,
>
> INSERT INTO sample.users (user_name, first_name) VALUES
> ('jokers', '=ïµiF!¶6(֟㍾óˆÌ''-Iw‰iDÖiJÐÿ† %')
If you don't use parameters, you need to escape the data to place in
an SQL query command. But this may cost so much on the CPU and RAM
side if your will be escaped data is enough long to exhaust other
processes. (For example, it's not so feasible to unescape a media file
while inserting.)

At the moment, current stable releases of PHP doesn't support
parameter usage, but it was committed to CVS in revision 1.315. If
you'll need these kind of escape functions so much, I'd encourage you
to patch your php/ext/pgsql/pgsql.c with the one in CVS tree. After
patch, you'll be able to use pg_query_params, pg_prepare, pg_execute,
pg_send_query_params and pg_send_prepare; namely, every possible
parameter supported function.

Regards.