Maybe I'm missing the point, but have read about quote_ident() and quote_literal() at chapter 9.4 "String Functions and Operators"? BR -- Fahrbahn ist ein graues Band weisse Streifen, grüner Rand On Thursday 08 January 2009 09:52:29 Mohamed wrote: > ..... any one? > > On Wed, Jan 7, 2009 at 8:07 PM, Mohamed <mohamed5432154321@xxxxxxxxx> wrote: > > Hi, I am wondering whether or not there exists any built in function for > > making sure a query/textinput is not harmful or one that escapes them. If > > not, what kind of things should I watch out for ? > > As of now, I get errors on the quote ( ' ) if it is entered in an input > > and in to_tsquery also on space. What other tokens should I be careful > > about? How should I handle these ? How do I escape them ? > > > > When fulltext indexing my text, is there any risk that the text being > > indexed could be harmful if it contains certain characters ? > > > > / Moe -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
