> I beleive that the DB interface layers do this for you if you use the
> prepare type statements.
I really don't know these statements. Where can I find information about
them?. By the way, I'm using C with libpq to access Postgresql.
> If I really had to do this a lot I would consider
> writing my own function like this:
>
> mydbsprintf( output, "select * from t where firstname = '$' and
description = '$';",
> "D'Innocenzo", "blah" );
>
> Then that function can do the escaping for you. Then you only need one
> buffer to store the final query before executing it.
Do you mean create my own version of the sprintf function? It seems a good
idea to avoid having to work so many auxiliar buffers... I'm going to look
at the gcc source code for the sprintf implementation to see if it is not
too difficult...
Thanks,
Jordi