On Aug 13, 2007, at 11:21 , Osvaldo Rosario Kussama wrote:
> Dollar-Quoted String Constants?
> http://www.postgresql.org/docs/8.2/interactive/sql-syntax-lexical.html#SQL-SYNTAX-CONSTANTS
>
> INSERT INTO persons VALUES ($$Harry$$, $$O'Callaghan$$);

Do not interpolate values into SQL literals, regardless of which
literal syntax you're using. Use bind parameters.

> Perhaps use quote_literal() function?
> http://www.postgresql.org/docs/8.2/interactive/functions-string.html

If you're writing a database adapter, maybe. Otherwise, use bind
parameters. They're easier and you shouldn't have to worry about
always remembering to use quote_literal.

Michael Glaesemann
grzm seespotcode net
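
The contrast drawn in the reply above, as an added example that is not part of the original message. It assumes Python's built-in sqlite3 module as a stand-in for a PostgreSQL driver (sqlite3 uses `?` placeholders; PostgreSQL drivers use their own, such as `$1` or `%s`), and the column names, sample rows and helper names are constructed for illustration.

```python
import sqlite3

# Constructed sample rows: one value holds a single quote, one holds "$$".
SAMPLE_PERSONS = [("Harry", "O'Callaghan"), ("Ke$$ha", "Sebert")]


def dollar_quote_is_intact(value):
    """True only if $$value$$ would be read back as exactly `value`.

    A dollar-quoted literal ends at the first "$$" after the opening tag,
    so a value containing "$$" (or ending in "$") closes it early.
    """
    return (value + "$$").find("$$") == len(value)


def insert_interpolated(conn, first, last):
    """Interpolation: the values become part of the SQL text itself."""
    conn.execute("INSERT INTO persons VALUES ('%s', '%s')" % (first, last))


def insert_bound(conn, first, last):
    """Bind parameters: constant SQL text, values passed separately."""
    conn.execute("INSERT INTO persons VALUES (?, ?)", (first, last))


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE persons (first_name TEXT, last_name TEXT)")
    failures = []
    for first, last in SAMPLE_PERSONS:
        try:
            insert_interpolated(conn, first, last)
        except sqlite3.Error:
            # The quote inside the value ended the literal; the parser rejects it.
            failures.append((first, last))
    conn.execute("DELETE FROM persons")
    for first, last in SAMPLE_PERSONS:
        insert_bound(conn, first, last)
    stored = conn.execute(
        "SELECT first_name, last_name FROM persons ORDER BY rowid"
    ).fetchall()
    return failures, stored


if __name__ == "__main__":
    print(demo())
    print([dollar_quote_is_intact(v) for pair in SAMPLE_PERSONS for v in pair])
```
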