Wednesday, May 21, 2008

Re: [GENERAL] escaping and quoting

Maarten Deprez wrote:
[wants to get rid of backslash escape warnings]
> > Does the program work correctly despite the warnings?
>
> At least it seems so. I'm using it as email server without problems.
>
>
> > What API are you using (there is no EscapeBytea function in the C API)?
>
> It's the PQescapeBytea function from libpq. Note that i didn't write the
> program, so i don't know the code so well.
>
>
> > Exactly how does the bytea string constant look that you send to the server?
>
> For example (taken from the log and completed a bit):
> INSERT INTO ... (..., messageblk,blocksize, physmessage_id) VALUES
> (0,'SA\\304...')
>
>
> > Are there any other strings with backslashes in your statements?
>
> Don't know, probably yes. The backslashes are probably generated by the
> escape function.

I use information from the online documentation:
http://www.postgresql.org/docs/current/static/runtime-config-compatible.html
http://www.postgresql.org/docs/current/static/libpq-exec.html#AEN31630

You should always use PQescapeByteaConn and not PQescapeBytea.
Presumably you have no choice, though, as you did not write the code.

You can get rid of the warnings by setting
escape_string_warning=off
This requires that
standard_conforming_strings=off

Alternatively (and this is better) you can preceed the string with E
(as in E'SA\\304...') and leave escape_string_warning=on.
I don't know if you can do that since you didn't write the code.
This makes you independent of the setting of standard_conforming_strings.

You can also (third option) set standard_conforming_strings=on.
But then you must use the PQescapeByteaConn function, which you probably cannot.

Or you execute the statement with PQexecParams and do not escape
the bytea at all.

Yours,
Laurenz Albe

--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general

No comments: