Tom Lane wrote: > Matthew Schumacher <matt.s@xxxxxxxxxxxxx> writes: >> I upgraded to postgres-8.1.4 and saw all of the backslash escape changes >> and understand why, but I can't figure out how to put a literal \' in >> the database. > > You use the SQL-standard way, which is to repeat the quote mark: > 'Meet at Joe''s house' > >> The data is coming from PHP, > > I have met your problem, and its name is addslashes(). Don't use it. > addslashes is exactly the security hole we are trying to plug. > > regards, tom lane Thanks for the reply Tom, however I don't think you understand my issue. I'm not using addslashes and I am using the SQL standard way to escape a single quote. The problem is that I want to put a literal \' inside the database. So if \ is no longer an escape character, and '' is the SQL way to pass a literal ' then you would think that \'' would put a literal \' into the database, however postgres rejects this and spits out an error. So the question isn't how to I escape ', the question is how do I insert a literal \' into a varchar? Thanks, schu
