At 5:51p -0500 on 14 Nov 2007, A.M. wrote:
> On Nov 14, 2007, at 4:23 PM, Scott Marlowe wrote:
>
>> On Nov 14, 2007 2:40 PM, madhtr <madhtr@schif.org> wrote:
>>> Quick question, are there any native functions in PostGreSQL 8.1.4
>>> that will strip HTML tags, escape chars, etc?
>>
>> I can't think of a lot of native functions, but it's sure easy enough
>> to roll your own with things like the regex functionality built in.
>
> Please don't do that- there are corner cases where a naive regex can
> fail, leaving the programmer thinking he is covered when he is not. The
> variety of web languages include filtering modules (HTML::Scrubber)- in
> the case of Perl or PHP, it can even be run server-side.
>
> Furthermore, one shouldn't use an API which allows for SQL injections.
Sorry for the 4-day late response (out of town). Doesn't Postgres do
the escaping for you if you prepare the statement before hand? It still
doesn't remove the HTML tags, though ...
Kevin