Re: BUG #15474: Special character escape sequences need betterdocumentation, or more easily found documentation
| От | Mike Taylor |
|---|---|
| Тема | Re: BUG #15474: Special character escape sequences need betterdocumentation, or more easily found documentation |
| Дата | |
| Msg-id | CAPMqW6uqaAf0o8D_U-fEwPBSZD7OPZ-QW6nsGkYv=0MxSL=e8A@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: BUG #15474: Special character escape sequences need better documentation, or more easily found documentation (Andrew Gierth <andrew@tao11.riddles.org.uk>) |
| Ответы |
Re: BUG #15474: Special character escape sequences need betterdocumentation, or more easily found documentation
Re: BUG #15474: Special character escape sequences need betterdocumentation, or more easily found documentation |
| Список | pgsql-bugs |
tl;dr: If this is just an RTFM moment, then I'm happy to chalk it up to that and move on with my life. :)
On Wed, Oct 31, 2018 at 10:51 AM Andrew Gierth <andrew@tao11.riddles.org.uk> wrote:
>>>>> "PG" == PG Bug reporting form <noreply@postgresql.org> writes:
PG> A simple table elaborating on the escapes for each special
PG> character would be incredibly helpful at determining how to
PG> translate those escapes for cleaning strings prior to insertion so
PG> those of us using postgresql can quickly write cleaning functions
PG> for data.
If you're "writing cleaning functions" you're already making a serious
mistake, because you should be passing data values as parameters (which
do not require escapes) rather than interpolating into the query string.
If you actually do need to interpolate into the query string for some
reason (like doing COPY or other utility statement that doesn't support
parameters), then you should be using the quote/escape functions
provided by the driver for your client language (e.g. in libpq there is
PQescapeStringConn).
--
Andrew (irc:RhodiumToad)
В списке pgsql-bugs по дате отправления: