How to escape to quotes on Insert into?

Started by Andre Lopes, over 14 years ago, 3 messages, general
#1 Andre Lopes
lopes80andre@gmail.com

Hi,

I need to escape quotes on an insert into that have a quote like this:

http://host.com/cond'nast

How can I escape " ' " on an insert into?

Best Regards,
André.

#2 Bill Moran
wmoran@potentialtech.com
In reply to: Andre Lopes (#1)
Re: How to escape to quotes on Insert into?

In response to Andre Lopes <lopes80andre@gmail.com>:

> Hi,
>
> I need to escape quotes on an insert into that have a quote like this:
>
> http://host.com/cond'nast
>
> How can I escape " ' " on an insert into?

It depends:

The best way is to pass the string as a parametrized query, then you don't
have to escape anything.

The second best way is to use the string escape function for whatever
language you're programming in.

If you don't have either of those available, you should reconsider your
choice of language/client library, as writing your own escape functions is
bad news.

If you're forced to write the raw SQL statements for some reason, you
escape ' with a second ', so:
INSERT INTO tablename (colname) VALUES ('http://host.com/cond''nast');

--
Bill Moran
http://www.potentialtech.com
http://people.collaborativefusion.com/~wmoran/
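
The parametrized query and the raw-SQL quote doubling from the reply above, side by side, as an added example that is not code from the thread. It assumes Python's built-in sqlite3 module as a stand-in for a PostgreSQL driver so that it runs offline: the `?` placeholder is sqlite3's style (PostgreSQL drivers use their own, for instance `%s` in psycopg2 or `$1` in libpq), the helper function names are hypothetical, and the second sample value is constructed.

```python
import sqlite3

# Sample values: the first is the URL from the question, the second is constructed.
SAMPLES = ["http://host.com/cond'nast", "O'Brien's \"notes\""]

def open_db():
    """In-memory database with the table/column names used in the reply."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tablename (colname TEXT)")
    return conn

def insert_concatenated(conn, value):
    """Splice the value into the SQL text unescaped; return the error text or None."""
    try:
        conn.execute("INSERT INTO tablename (colname) VALUES ('" + value + "')")
        return None
    except sqlite3.Error as exc:
        return str(exc)

def insert_doubled(conn, value):
    """Raw-SQL fallback from the reply: every ' in the value becomes ''."""
    literal = "'" + value.replace("'", "''") + "'"
    conn.execute("INSERT INTO tablename (colname) VALUES (" + literal + ")")

def insert_parameterized(conn, value):
    """The value is passed separately from the SQL text, so nothing is escaped."""
    conn.execute("INSERT INTO tablename (colname) VALUES (?)", (value,))

def stored(conn):
    """All stored values in insertion order."""
    query = "SELECT colname FROM tablename ORDER BY rowid"
    return [row[0] for row in conn.execute(query)]

def demo():
    conn = open_db()
    # The unescaped quote ends the literal early, so each statement is rejected.
    errors = [insert_concatenated(conn, v) for v in SAMPLES]
    for v in SAMPLES:
        insert_doubled(conn, v)
        insert_parameterized(conn, v)
    return errors, stored(conn)

if __name__ == "__main__":
    errors, rows = demo()
    print("concatenation errors:", errors)
    print("stored rows:", rows)
```

Both working paths store the value byte for byte; only the parametrized one does so without the caller touching the string.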

#3 Andre Lopes
lopes80andre@gmail.com
In reply to: Bill Moran (#2)
Re: How to escape to quotes on Insert into?

Thanks for your help. It is working.

Best Regards,


On Wed, Dec 21, 2011 at 9:04 PM, Bill Moran <wmoran@potentialtech.com> wrote:

--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general