Tom Lane wrote:
> Matthew Schumacher <matt.s@aptalaska.net> writes:
>> I upgraded to postgres-8.1.4 and saw all of the backslash escape changes
>> and understand why, but I can't figure out how to put a literal \' in
>> the database.
>
> You use the SQL-standard way, which is to repeat the quote mark:
> 'Meet at Joe''s house'
>
>> The data is coming from PHP,
>
> I have met your problem, and its name is addslashes(). Don't use it.
> addslashes is exactly the security hole we are trying to plug.
>
> regards, tom lane
Thanks for the reply Tom, however I don't think you understand my issue.
I'm not using addslashes and I am using the SQL standard way to
escape a single quote. The problem is that I want to put a literal \'
inside the database. So if \ is no longer an escape character, and ''
is the SQL way to pass a literal ' then you would think that \'' would
put a literal \' into the database, however postgres rejects this and
spits out an error.
So the question isn't how to I escape ', the question is how do I insert
a literal \' into a varchar?
Thanks,
schu