On 24/02/2012 16:38, David Johnston wrote:
> How about:
>
> WHERE some_col LIKE (user_submitted_input || '%') AND some_col ~ ('^.{' || length_of_user_submitted_input || '}\d*$')
>
> I'd have some reservations regarding multi-byte characters however - but this avoids any escaping of the input
string.
That's a clever trick, I might end using it.
> You could (should?) write the escaping routine on the server side in a user-defined function:
>
> WHERE some_col ~ ('^' || make_regexp_literal(user_submitted_stringliteral) || '\d*$')
I totally agree, but I hoped I could use an already existing function
without having to read the whole spec to figure what should and should
not be escaped.
> David J.
>
>
--
Ronan Dunklau