Re: text column constraint, newbie question
From | Ivan Sergio Borgonovo |
---|---|
Subject | Re: text column constraint, newbie question |
Date | |
Msg-id | 20090324000050.160e292f@dawn.webthatworks.it |
In reply to | Re: text column constraint, newbie question (RebeccaJ <rebeccaj@gmail.com>) |
List | pgsql-general |
On Mon, 23 Mar 2009 14:11:28 -0700 (PDT)
RebeccaJ <rebeccaj@gmail.com> wrote:

> now. Before, I was planning to have CHECK constraints in all of my
> text or char fields, to keep out all semicolons, single quotes, and
> anything else that looked dangerous. Now I'm thinking that I'll be
> using htmlentities(), pg_escape_string() and pg_query_params() as

check, htmlentities, pg_escape_string and pg_query_params really
don't belong to the same family of "functions" and serve very
different purposes.

Simplifying it very much:

- checks are used to control the quality of data that gets stored in
  the db
- htmlentities is about formatting for web output
- pg_escape_string is to prepare input for sql and avoid sql
  injection
- pg_query_params is a relative of pg_escape_string but somehow used
  differently

-- 
Ivan Sergio Borgonovo
http://www.webthatworks.it
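Added example, not part of the original message: a PHP script that puts each of the four tools named in the reply at its own layer (constraint in the schema, parameters or escaping on the way in, entity encoding on the way out). The connection string, the `comments` table and its columns, and the sample input are assumptions constructed for illustration.

```php
<?php
// Added illustration. Connection string, table and column names are assumptions.
$conn = pg_connect('dbname=test') or die('connection failed');

// CHECK: a data-quality rule enforced by the database for every client.
// It says what a valid author is; it does not try to ban "dangerous" characters.
pg_query($conn, "CREATE TEMP TABLE comments (
    id     serial PRIMARY KEY,
    author text NOT NULL CHECK (length(trim(author)) BETWEEN 1 AND 50),
    body   text NOT NULL
)");

// Constructed sample input with a single quote, a semicolon and HTML markup.
$author = "O'Brien";
$body   = "It's 5 > 3; isn't it? <b>yes</b>";

// pg_query_params: the values are sent separately from the SQL text,
// so quotes and semicolons in them are never parsed as SQL.
$res = pg_query_params(
    $conn,
    'INSERT INTO comments (author, body) VALUES ($1, $2) RETURNING id',
    [$author, $body]
);
$id = pg_fetch_result($res, 0, 'id');

// pg_escape_string: for the case where a value has to be spliced into the
// SQL text itself. The escaped value must still sit inside single quotes.
$sql = "SELECT body FROM comments WHERE author = '"
     . pg_escape_string($conn, $author) . "'";
$row = pg_fetch_assoc(pg_query($conn, $sql));

// The database holds the text exactly as it was submitted.
var_dump($row['body'] === $body);

// The CHECK rejects low-quality data even when the query itself is
// safely parameterized: a blank author fails the constraint.
$bad = @pg_query_params(
    $conn,
    'INSERT INTO comments (author, body) VALUES ($1, $2)',
    ['   ', 'hello']
);
var_dump($bad === false);

// htmlentities: applied only when the value is written into an HTML page.
// Storing the encoded form instead would corrupt the data for other consumers.
echo htmlentities($row['body'], ENT_QUOTES, 'UTF-8'), "\n";
```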