Just to keep it clean, replace the last character with space before
adding "WHERE ...".
Martijn van Oosterhout wrote:
>
> On Sat, Dec 07, 2002 at 02:32:48PM -0500, MT wrote:
> > Hi,
> >
> > I'm developing a C++ script to update postgresql database records. The
> > user interacts with the script via an html form. That is, the user is
> > presented with the data from a particular record in an html form and
> > asked to update any number of fields in that record.
> >
> > To perform a multiple column update in postgres one does:
> >
> > UPDATE tablename
> > SET column1 = 'blahblah',
> > column2 = 'moreblahblah',
> > column3 = 1234
> > WHERE id = 555;
>
> Heh, my cheap and hacky why is to end each column = value clause with a
> comma. Then i finish it off with a "id=id WHERE ...". That clause becomes a
> noop and the syntax is fine.
>
> Oh yeah, check out the SQL injection attacks. Nasty :)
> --
> Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/
> > Support bacteria! They're the only culture some people have.
>
> ------------------------------------------------------------------------
> Part 1.2Type: application/pgp-signature