Posgres Adding braces at beginning and end of text (html) content
Hi All,
I'm fairly new to postgres and I'm having this peculiar problem.
I'm storing raw html in a text field and I want users who know HTML to
update the content in a textarea field.
The problem is postgres is adding braces to the begining and ending of
the content. On creation and every time I update.
This is:
I input:
<p>xyz <p/>
.........
into the text area field I save and view I see
{<p>xyz</p>
.........
}
On a subsequent update I see
{{<p>xyz</p>
........
}}
On another I see
{{<p>xyz</p>
....
}}
Not sure what is happening here?
I am using postgres 8.3 on windows
On Thursday 2. April 2009, linnewbie wrote:
Hi All,
I'm fairly new to postgres and I'm having this peculiar problem.
I'm storing raw html in a text field and I want users who know HTML to
update the content in a textarea field.The problem is postgres is adding braces to the begining and ending of
the content. On creation and every time I update.
I can't reproduce your problem in 8.3.5:
pgslekt=> create table test (i integer, t text);
CREATE TABLE
pgslekt=> insert into test values (1, '<p>Hei hei</p>');
INSERT 0 1
pgslekt=> select * from test;
i | t
---+----------------
1 | <p>Hei hei</p>
(1 row)
Perhaps it's a middleware problem?
--
Leif Biberg Kristensen | Registered Linux User #338009
Me And My Database: http://solumslekt.org/blog/
On Apr 2, 8:59 am, l...@solumslekt.org ("Leif B. Kristensen") wrote:
On Thursday 2. April 2009, linnewbie wrote:
Hi All,
I'm fairly new to postgres and I'm having this peculiar problem.
I'm storing raw html in a text field and I want users who know HTML to
update the content in a textarea field.The problem is postgres is adding braces to the begining and ending of
the content. On creation and every time I update.I can't reproduce your problem in 8.3.5:
pgslekt=> create table test (i integer, t text);
CREATE TABLE
pgslekt=> insert into test values (1, '<p>Hei hei</p>');
INSERT 0 1
pgslekt=> select * from test;
i | t
---+----------------
1 | <p>Hei hei</p>
(1 row)Perhaps it's a middleware problem?
--
Leif Biberg Kristensen | Registered Linux User #338009
Me And My Database:http://solumslekt.org/blog/--
Sent via pgsql-general mailing list (pgsql-gene...@postgresql.org)
To make changes to your subscription:http://www.postgresql.org/mailpref/pgsql-general
I am using tcl ( ncgi and tclobdc ) so it is more like the excerpts
below:
ie I input:
<h1>Hello World </h1>
<p>xyz <p/>
.........
into the text area field, save:
set page_content [ ncgi::value textarea_field_name]
database connect dbh $datasource $dbuser $dbpassword
set sql "INSERT INTO profile (page_content) \
VALUES('$page_content') "
dbh $sql
......................
......................
......................
view:
set sql "SELECT page_content FROM profile \
WHERE page_id = $page"
set page_content [lindex [ dbh $sql ] 0]
::ncgi::header "text/html
...........................
...........................
...........................
puts "<textarea id='page_content' name='page_content'> $page_content
</
textarea>"
.........................................................
........................................................
in browser I see:
{<h1>Hello World </h1>
<p>xyz <p/>
.........
}
On a subsequent update I see
{{
<h1>Hello World </h1>
<p>xyz <p/>
.........
}}
On another I see
{{{
<h1>Hello World </h1>
<p>xyz <p/>
.........
(CC'ed to the list)
On Thursday 2. April 2009, linnewbie wrote:
I am using tcl ( ncgi and tclobdc ) so it is more like the excerpts
below:ie I input:
<h1>Hello World </h1>
<p>xyz <p/>
into the text area field, save:
set page_content [ ncgi::value textarea_field_name]
database connect dbh $datasource $dbuser $dbpassword
set sql "INSERT INTO profile (page_content) \
VALUES('$page_content') "dbh $sql
view:
set sql "SELECT page_content FROM profile \
WHERE page_id = $page"set page_content [lindex [ dbh $sql ] 0]
::ncgi::header "text/html
puts "<textarea id='page_content' name='page_content'> $page_content
</ textarea>"in browser I see:
{<h1>Hello World </h1>
<p>xyz <p/>
.........
}On a subsequent update I see
{{
<h1>Hello World </h1>
<p>xyz <p/>
.........
}}On another I see
{{{
<h1>Hello World </h1>
<p>xyz <p/>
.........
}}}
This is definitely not a postgresql problem. I'm storing tons of HTML
code, mostly via PHP scripts, and have had only minor issues with it,
eg. HTML entities like & being rendered as naked ampersands on
retrieval. That's a nuisance when you try to keep the W3C validator
happy, but there are ways around it.
You should probably present your problem to the Tcl community, and see
if they can come up with a reason for this oddity.
--
Leif Biberg Kristensen | Registered Linux User #338009
Me And My Database: http://solumslekt.org/blog/
Import Notes
Reply to msg id not found: 5881e0600904020628n1594a044lc1c38deff299dc68@mail.gmail.com
PostgreSQL does not add braces to text. It sounds like a problem with the code you have that inserts and retreives data out of PostgreSQL
Let's try a test case:
BEGIN;
CREATE TEMP TABLE test_table (
foo text
);
INSERT INTO test_table (foo) VALUES('<html>foo</html>');
SELECT foo FROM test_table;
ROLLBACK;
The result of the select statement should look like:
foo
------------------
<html>foo</html>
(1 row)
i.e., no added braces.
----
John L. Cheng
________________________________
From: linnewbie <linnewbie@gmail.com>
To: pgsql-general@postgresql.org
Sent: Thursday, April 2, 2009 5:48:40 AM
Subject: [GENERAL] Posgres Adding braces at beginning and end of text (html) content
Hi All,
I'm fairly new to postgres and I'm having this peculiar problem.
I'm storing raw html in a text field and I want users who know HTML to
update the content in a textarea field.
The problem is postgres is adding braces to the begining and ending of
the content. On creation and every time I update.
This is:
I input:
<p>xyz <p/>
..........
into the text area field I save and view I see
{<p>xyz</p>
..........
}
On a subsequent update I see
{{<p>xyz</p>
.........
}}
On another I see
{{<p>xyz</p>
.....
}}
Not sure what is happening here?
I am using postgres 8.3 on windows
Import Notes
Resolved by subject fallback
In response to linnewbie :
I am using tcl ( ncgi and tclobdc ) so it is more like the excerpts
below:ie I input:
<h1>Hello World </h1>
<p>xyz <p/>
.........into the text area field, save:
set page_content [ ncgi::value textarea_field_name]
database connect dbh $datasource $dbuser $dbpassword
set sql "INSERT INTO profile (page_content) \
VALUES('$page_content') "
That is a security hole for sql-injection.
Andreas
--
Andreas Kretschmer
Kontakt: Heynitz: 035242/47150, D1: 0160/7141639 (mehr: -> Header)
GnuPG-ID: 0x3FFF606C, privat 0x7F4584DA http://wwwkeys.de.pgp.net
hi,
i'm not a tcl user but it looks like an array representation. try to
remove braces [] from page_content.
regards.
thomas
linnewbie schrieb:
Show quoted text
into the text area field, save:
set page_content [ ncgi::value textarea_field_name]
database connect dbh $datasource $dbuser $dbpassword
set sql "INSERT INTO profile (page_content) \
VALUES('$page_content') "dbh $sql
On Apr 2, 10:01 am, andreas.kretsch...@schollglas.com ("A.
Kretschmer") wrote:
In response to linnewbie :
I am using tcl ( ncgi and tclobdc ) so it is more like the excerpts
below:ie I input:
<h1>Hello World </h1>
<p>xyz <p/>
.........into the text area field, save:
set page_content [ ncgi::value textarea_field_name]
database connect dbh $datasource $dbuser $dbpassword
set sql "INSERT INTO profile (page_content) \
VALUES('$page_content') "That is a security hole for sql-injection.
This database user only has select,insert,update privileges on this
table and these are internal users (administrators) so I'm not sure
how much trouble they can make.
Is there another way to have users update content that is really
really complex html, nested <ul> with <span>s with spacial classes
etc?
On Apr 2, 11:06 am, linnewbie <linnew...@gmail.com> wrote:
On Apr 2, 10:01 am, andreas.kretsch...@schollglas.com ("A.
Kretschmer") wrote:
In response to linnewbie :
I am using tcl ( ncgi and tclobdc ) so it is more like the excerpts
below:ie I input:
<h1>Hello World </h1>
<p>xyz <p/>
.........into the text area field, save:
set page_content [ ncgi::value textarea_field_name]
database connect dbh $datasource $dbuser $dbpassword
set sql "INSERT INTO profile (page_content) \
VALUES('$page_content') "That is a security hole for sql-injection.
This database user only has select,insert,update privileges on this
table and these are internal users (administrators) so I'm not sure
how much trouble they can make.Is there another way to have users update content that is really
really complex html, nested <ul> with <span>s with spacial classes
etc?
This is a tcl thing though.
On Thu, Apr 2, 2009 at 3:33 PM, linnewbie <linnewbie@gmail.com> wrote:
set page_content [lindex [ dbh $sql ] 0]
I have never heard of tclodbc, but I believe you are putting the first
row into your variable, which is why it shows with curly braces. The
problem should be more obvious when you try to fetch more than one
column from the table. Try this:
set page_content [lindex [lindex [ dbh $sql ] 0] 0]
That should solve your problem.