On Thu, Nov 02, 2006 at 01:35:41PM +0200, Peter wrote: > It is like the weirdest thing ever... > > I have a proc that dynamically generates SQL, executes it and returns > results as setof record. Some of fields are strings with single quotes > inside them. Since these strings are being picked up from database I > store them as: <snip> Not quite sure, but maybe some users are using inline parameters and some are using out of line parameters? The quoting rules only apply to inline paramaters. In any case, it appears someone is screwing up the quoting somewhere... Note that there are quoting functions to help create dynamic sql safely. Have a nice day, -- Martijn van Oosterhout <kleptog@xxxxxxxxx> http://svana.org/kleptog/ > From each according to his ability. To each according to his ability to litigate.
Attachment:
signature.asc
Description: Digital signature
