Re: UPDATE syntax problem

Using pltcl...

I just strip the comma, if it's there, when I'm all done with the " col = 'value' " bit.

string trimright $sql {,}

We all have our cheap hacks to bear....

The built-in [quote $value] in pltcl is handy for fending off injection attacks.

>>> Martijn van Oosterhout <kleptog@svana.org> 12/09/02 02:51AM >>>
On Sat, Dec 07, 2002 at 02:32:48PM -0500, MT wrote:
> Hi,
>
> I'm developing a C++ script to update postgresql database records. The
> user interacts with the script via an html form. That is, the user is
> presented with the data from a particular record in an html form and
> asked to update any number of fields in that record.
>
> To perform a multiple column update in postgres one does:
>
> UPDATE tablename
>          SET column1 = 'blahblah',
>              column2 = 'moreblahblah',
>              column3 = 1234
>          WHERE id = 555;

Heh, my cheap and hacky why is to end each column = value clause with a
comma. Then i finish it off with a "id=id WHERE ...". That clause becomes a
noop and the syntax is fine.

Oh yeah, check out the SQL injection attacks. Nasty :)
--
Martijn van Oosterhout   <kleptog@svana.org>   http://svana.org/kleptog/
> Support bacteria! They're the only culture some people have.