Reply to Re: [PostgreSQL] Unescaping escaped strings?

Posted by Iván Sánchez Ortega on 10/11/82 11:36


Toby Inkster wrote:

> Iván Sánchez Ortega wrote:
>
>> No, it does not. pg_escape_string (and analogous functions for other DB
>> engines) just double the single quotes there may be inside the string.
>> They don't add any slashes AFAIK.
>
> Hmmm... never noticed that. I generally use addslashes() to prepare data
> for PostgreSQL anyway, which PostgreSQL seems OK about.

Yes, escaping single quotes by using a backslash is OK, but the SQL
standards specify otherwise. Taken from
http://www.postgresql.org/docs/8.1/interactive/sql-syntax.html :

"
A string constant in SQL is an arbitrary sequence of characters bounded by
single quotes ('), for example 'This is a string'. The standard-compliant
way of writing a single-quote character within a string constant is to
write two adjacent single quotes, e.g. 'Dianne''s horse'. PostgreSQL also
allows single quotes to be escaped with a backslash (\'). However, future
versions of PostgreSQL will not allow this, so applications using
backslashes should convert to the standard-compliant method outlined above.
"

So, pg_escape_string may add backslashes, or it may not. It may double any
single quotes, or it may not. The only things I'm sure of are:
- pg_escape_string allows a string to be put inside single quotes for use
in a SQL INSERT clause, given that versions of the client library and the
psql server are the same, and
- the standard way to escape single-quoted strings for use in any SQL
standard-compliant DB engine is str_replace("'","''",$whatever);

If you insist on using homebrew, non-standard ways of escaping data for use
in SQL statements (such as addslashes();), you risk incompatibility. For
your own good, I suggest you stop doing so.

--
----------------------------------
Iván Sánchez Ortega -i-punto-sanchez--arroba-mirame-punto-net

While fools decide, the intelligent deliberate. - Plutarch.
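The incompatibility discussed in the message above, as an added example (not part of the original post and not PostgreSQL's or PHP's own code): a small reader for one single-quoted string constant, run under both quoting rules on the documentation's sample value. `read_sql_literal()` and its `$backslashEscapes` flag are hypothetical names, and the reader models only the two rules quoted from the manual.

```php
<?php
// Added illustration; read_sql_literal() is a hypothetical helper, not a PHP
// or PostgreSQL API. It reads ONE single-quoted SQL string constant and
// returns [decoded value, text left over after the closing quote].
// $backslashEscapes = true  : legacy rule, a backslash makes the next
//                             character literal (enough to model \')
// $backslashEscapes = false : standard rule, a backslash is an ordinary character
function read_sql_literal(string $sql, bool $backslashEscapes): array
{
    if ($sql === '' || $sql[0] !== "'") {
        throw new InvalidArgumentException('constant must start with a single quote');
    }
    $value = '';
    $n = strlen($sql);
    for ($i = 1; $i < $n; $i++) {
        $c = $sql[$i];
        if ($backslashEscapes && $c === '\\' && $i + 1 < $n) {
            $value .= $sql[++$i];                    // backslash escapes next char
        } elseif ($c === "'" && $i + 1 < $n && $sql[$i + 1] === "'") {
            $value .= "'";                           // '' is one quote in both modes
            $i++;
        } elseif ($c === "'") {
            return [$value, substr($sql, $i + 1)];   // closing quote
        } else {
            $value .= $c;
        }
    }
    throw new UnexpectedValueException('unterminated string constant');
}

$input = "Dianne's horse";   // sample value from the documentation quote above
$candidates = [
    'str_replace' => "'" . str_replace("'", "''", $input) . "'",
    'addslashes'  => "'" . addslashes($input) . "'",
];

foreach ([true, false] as $backslashEscapes) {
    echo $backslashEscapes ? "backslash escapes accepted:\n" : "standard-compliant only:\n";
    foreach ($candidates as $method => $literal) {
        [$value, $leftover] = read_sql_literal($literal, $backslashEscapes);
        $verdict = ($value === $input && $leftover === '') ? 'round-trips' : 'BROKEN';
        printf("  %-11s %-19s => %-11s value=[%s] leftover=[%s]\n",
            $method, $literal, $verdict, $value, $leftover);
    }
}
```

Under the standard rule the `addslashes` form closes at the quote that follows the backslash, so the stored value is wrong and the leftover text would be parsed as SQL; the doubled-quote form reads back unchanged under both rules.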
