[GENERAL] Regular expression. How to disable ALL meta-character in a regular expression

2005-04-20 Thread David Gagnon 
Hi all,
I have a web interface with offers a search field.  This search field 
will look for the string X in 12 different columns.  If the string is 
found anywhere I return the row.

The problem is that the user is eable to put spacial character like : [* 
This create invalid regular expression and make my sql crash.
ICNUM~* #descriptionOrKeyword#

Is there a way to disable all meta-character.  I found this in the 
manual .. but haven't found example :-(:
: with ***=, the rest of the RE is taken to be a literal string, 
with all characters
considered ordinary characters.

I know my question si basic . but I search around and haven't found so 
far .. please help :-)

Thanks
/David

\Richard Huxton wrote:
Benjamin Holmberg wrote:
This is the error message I'm getting by using: ''arg_id'' instead of:
(CAST(arg_id
AS integer))
SELECT production_scheduled_for_date('2005-05-12', '49');
ERROR: invalid input syntax for integer: arg_id

That's because ''arg_id'' is the string value arg_id, those six 
characters rather than the value of any variable.

--
  Richard Huxton
  Archonet Ltd
---(end of broadcast)---
TIP 4: Don't 'kill -9' the postmaster

---(end of broadcast)---
TIP 2: you can get off all lists at once with the unregister command
   (send unregister YourEmailAddressHere to [EMAIL PROTECTED])

Re: [GENERAL] Regular expression. How to disable ALL meta-character in a regular expression

2005-04-20 Thread Michael Fuhr 
On Wed, Apr 20, 2005 at 11:28:28AM -0400, David Gagnon wrote:
 
 I have a web interface with offers a search field.  This search field 
 will look for the string X in 12 different columns.  If the string is 
 found anywhere I return the row.
 
 The problem is that the user is eable to put spacial character like : [* 
 This create invalid regular expression and make my sql crash.
 ICNUM~* #descriptionOrKeyword#
 
 Is there a way to disable all meta-character.

Why are you doing a regular expression search if you don't want to
allow regular expressions?

 I found this in the manual .. but haven't found example :-(:
 : with ***=, the rest of the RE is taken to be a literal string, 
 with all characters considered ordinary characters.

Read again the entire sentence, especially the first few words:

  If an RE begins with ***=, the rest of the RE is taken to be a
  literal string, with all characters considered ordinary characters.

Here are some examples:

SELECT 'test string' ~ 'test[*';
ERROR:  invalid regular expression: brackets [] not balanced

SELECT 'test string' ~ '***=test[*';
 ?column? 
--
 f
(1 row)

SELECT 'test[* string' ~ '***=test[*';
 ?column? 
--
 t
(1 row)

-- 
Michael Fuhr
http://www.fuhr.org/~mfuhr/

---(end of broadcast)---
TIP 4: Don't 'kill -9' the postmaster