Hello.
I'd like to perform a query using user-submitted input in a regular
expression.
Something along the lines of:
select some_col
from some_table
where some_col ~ ('^' || user_submitted_input || '\d*$')
This query is looking for every value matching the user submitted input
with optional trailing decimal characters.
My problem is: the user can break this using special regular expression
characters (ex: 'test(').
I'm looking for a way to escape regular expression characters from the
input (maybe a function already exists for that purpose?).
I could do it on the client side, but I'm not really sure how python and
postgresql flavors of regular expressions differ.
I've seen that the (?q) modifier is supported (treat the rest of the
regexp as normal characters), but unless I missed something it I can't
use it anywhere else than at the beginning of the regexp.
>From the docs at
http://www.postgresql.org/docs/current/static/functions-matching.html:
"Embedded options take effect at the ) terminating the sequence. They
can appear only at the start of an ARE."
Any idea on how to achieve this ?
Thank you.
--
Ronan Dunklau
--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
