Here's a confirmation of what I previously sent ...
Just the single-quote (') has to be escaped...
Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
Systems Administrator @ hub.org
primary: [EMAIL PROTECTED] secondary: scrappy@{freebsd|postgresql}.org
---------- Forwarded message ----------
Date: Tue, 04 Jan 2000 13:12:58 -0500
From: Tom Lane <[EMAIL PROTECTED]>
To: The Hermit Hacker <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: [INTERFACES] escaping characters ...
The Hermit Hacker <[EMAIL PROTECTED]> writes:
> MySQl has 'mysql_escape_string' in it's client library. Does Pg have
> something like that?
libpq doesn't provide any such function --- perhaps it should, but
on the other hand the amount of code involved is pretty tiny, and
issues like memory allocation/freeing would complicate the definition
of the function.
> if not, what should be escaped?
When generating quoted strings for use in SQL commands, you should
prefix single-quote (') and backslash (\) characters with a backslash.
I think that's all.
COPY IN/OUT data has a different set of rules. There, you can but
don't have to backslash single quotes. You do need to convert returns
and tabs into \n and \t, and of course backslash itself must be doubled.
(If you are using some other character than tab as the field delimiter,
then it'd need backslashing instead.)
Data returned by libpq after a SELECT is not quoted at all.
regards, tom lane
______________
If you want to unsubscribe send "unsubscribe udmsearch"
to [EMAIL PROTECTED]
