illegal characters
Hello,
I am using postgresql to store data passed from a web page. A user may
enter whatever text she wants on that web page. Do I have to prepend all
the illegal characters in the text with backslashes before storing the
text in the database? Is there any way to make postgresql prepend these
illegal characters for me?
Example:
I have an entry 'foo/bar' in a database table (it was stored as
'foo/bar' NOT as 'foo\/bar', when I try to search for all rows that
contain entry 'foo/bar', I get no results.
Any help will be greatly appreciated.
Thanks
Hi,
I don't know what programming language you are using but there's
surely a function named quote which will do that for you.
With perl DBI you can use it like this :
quote :
Quote a string literal for use as a literal value in an SQL statement
by
escaping any special characters (such as quotation marks) contained
within the string and adding the required type of outer quotation
marks.
$sql = $dbh->quote($string);
Regards
Gilles DAROLD
Oleg Lebedev wrote:
Show quoted text
Hello,
I am using postgresql to store data passed from a web page. A user may
enter whatever text she wants on that web page. Do I have to prepend all
the illegal characters in the text with backslashes before storing the
text in the database? Is there any way to make postgresql prepend these
illegal characters for me?
Example:
I have an entry 'foo/bar' in a database table (it was stored as
'foo/bar' NOT as 'foo\/bar', when I try to search for all rows that
contain entry 'foo/bar', I get no results.
Any help will be greatly appreciated.
Thanks