Andreas Wenk <[email protected]> writes:
> EXECUTE 'INSERT INTO produkte
> (art_nr,bezeichnung,beschreibung,preis,steuersatz,aktionspreis,stichworte,vector)
> VALUES
> ('''||art_nr||''','''||bezeichnung||''','''||beschreibung||''','||preis||',
>
> '||steuersatz||','||aktionspreis||','''||stichworte||''','||vect||')';
This is not going to work with such a half-baked approach to quoting the
data values --- any value with ' or \ in it will break it. You could
use quote_literal(), but I wonder why you are bothering with EXECUTE at
all. If you just did the INSERT directly it would run faster and be a
lot less ugly.
regards, tom lane
--
Sent via pgsql-general mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
