[PostgreSQL] Unescaping escaped strings?

Collapse
This topic is closed.
X
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Micha³ Gancarski
    #1

    [PostgreSQL] Unescaping escaped strings?

    Hello!

    How do one unescape strings prepared with pg_escape_strin g() ?
    stripslashes() will not work because both these functions are not
    completely compatible.

    Thank you all in advance

    --
    Micha³ Gancarski
    "When I get down on my knees, it is not to pray" Madonna
    Tags: linux unescape
    • Toby Inkster
      #2
      Re: [PostgreSQL] Unescaping escaped strings?

      Michał Gancarski wrote:
      [color=blue]
      > How do one unescape strings prepared with pg_escape_strin g() ?
      > stripslashes() will not work because both these functions are not
      > completely compatible.[/color]

      StripCSlashes() might do it. Technically, it's the inverse of
      AddCSlashes(), but I can't see any reason it shouldn't work.

      --
      Toby A Inkster BSc (Hons) ARCS
      Contact Me ~ http://tobyinkster.co.uk/contact

        Comment

        • Iván Sánchez Ortega
          #3
          Re: [PostgreSQL] Unescaping escaped strings?

          -----BEGIN PGP SIGNED MESSAGE-----
          Hash: SHA1

          Micha³ Gancarski wrote:
          [color=blue]
          > How do one unescape strings prepared with pg_escape_strin g() ?[/color]

          You don't - when fetching the results from a SQL query, they will be already
          unescaped.

          This applies for most DB engines too.

          - --
          - ----------------------------------
          Iván Sánchez Ortega -i-punto-sanchez--arroba-mirame-punto-net

          http://acm.asoc.fi.upm.es/~mr/ ; http://acm.asoc.fi.upm.es/~ivan/
          MSN:i_eat_s_p_a _m_for_breakfas t@hotmail.com
          Jabber:ivansanc hez@jabber.org ; ivansanchez@kde talk.net
          -----BEGIN PGP SIGNATURE-----
          Version: GnuPG v1.4.2 (GNU/Linux)

          iD8DBQFDvHFD3jc Q2mg3Pc8RAs8UAJ 9K0SWdeC0VFuMX0 ABOXBrsz3KQUQCf aAAv
          y0govlCUYg6rk/UdOGN62HQ=
          =Iokv
          -----END PGP SIGNATURE-----

            Comment

            • Iván Sánchez Ortega
              #4
              Re: [PostgreSQL] Unescaping escaped strings?

              -----BEGIN PGP SIGNED MESSAGE-----
              Hash: SHA1

              Toby Inkster wrote:
              [color=blue][color=green]
              >> How do one unescape strings prepared with pg_escape_strin g() ?[/color]
              >
              > StripCSlashes() might do it.[/color]

              No, it does not. pg_escape_strin g (and analogous functions for other DB
              engines) just double the single quotes there may be inside the string. They
              don't add any slashes AFAIK.

              - --
              - ----------------------------------
              Iván Sánchez Ortega -i-punto-sanchez--arroba-mirame-punto-net

              Un ordenador no es un televisor ni un microondas, es una herramienta
              compleja.
              -----BEGIN PGP SIGNATURE-----
              Version: GnuPG v1.4.2 (GNU/Linux)

              iD8DBQFDvHGI3jc Q2mg3Pc8RAkK5AJ 4hsCT0GbJfVDu3T HFG/qcOZro/2gCffUTQ
              0g6yh1Bd3jyKDvf ZxWe8lDw=
              =PuYe
              -----END PGP SIGNATURE-----

                Comment

                • Toby Inkster
                  #5
                  Re: [PostgreSQL] Unescaping escaped strings?

                  Iván Sánchez Ortega wrote:
                  [color=blue]
                  > No, it does not. pg_escape_strin g (and analogous functions for other DB
                  > engines) just double the single quotes there may be inside the string. They
                  > don't add any slashes AFAIK.[/color]

                  Hmmm... never noticed that. I generally use addshashes() to prepare data
                  for PostgreSQL anyway, which PostgreSQL seems OK about.

                  --
                  Toby A Inkster BSc (Hons) ARCS
                  Contact Me ~ http://tobyinkster.co.uk/contact

                    Comment

                    • Iván Sánchez Ortega
                      #6
                      Re: [PostgreSQL] Unescaping escaped strings?

                      -----BEGIN PGP SIGNED MESSAGE-----
                      Hash: SHA1

                      Toby Inkster wrote:
                      [color=blue]
                      > Iván Sánchez Ortega wrote:
                      >[color=green]
                      >> No, it does not. pg_escape_strin g (and analogous functions for other DB
                      >> engines) just double the single quotes there may be inside the string.
                      >> They don't add any slashes AFAIK.[/color]
                      >
                      > Hmmm... never noticed that. I generally use addshashes() to prepare data
                      > for PostgreSQL anyway, which PostgreSQL seems OK about.[/color]

                      Yes, escaping single quotes by using a backslash is OK, but the SQL
                      standards specify otherwise. Taken from
                      http://www.postgresql.org/docs/8.1/i...ql-syntax.html :

                      "
                      A string constant in SQL is an arbitrary sequence of characters bounded by
                      single quotes ('), for example 'This is a string'. The standard-compliant
                      way of writing a single-quote character within a string constant is to
                      write two adjacent single quotes, e.g. 'Dianne''s horse'. PostgreSQL also
                      allows single quotes to be escaped with a backslash (\'). However, future
                      versions of PostgreSQL will not allow this, so applications using
                      backslashes should convert to the standard-compliant method outlined above.
                      "

                      So, pg_escape_strin g may add backslashes, or it may not. It may double any
                      single quotes, or it may not. The only things I'm sure are:
                      - - pg_escape_strin g allows a string to be put inside single quotes for use
                      into a SQL INSERT clause, given that versions of the client library and the
                      psql server are the same, and
                      - - the standard way to escape single-quoted strings for use in any SQL
                      standard-compliant DB engine is str_replace("'" ,"''",$whatever );

                      If you insist on using homebrew, non-standard ways of escaping data for use
                      into SQL statements (such as addslashes();), you risk incompatibility . For
                      your own good, I suggest you to stop doing so.

                      - --
                      - ----------------------------------
                      Iván Sánchez Ortega -i-punto-sanchez--arroba-mirame-punto-net

                      Mientras los necios deciden, los inteligentes deliberan.- Plutarco.
                      -----BEGIN PGP SIGNATURE-----
                      Version: GnuPG v1.4.2 (GNU/Linux)

                      iD8DBQFDvTyV3jc Q2mg3Pc8RAjcaAJ 9Z2SZNVbMydrAUS f4Qm3GH7O9FewCd Gc33
                      ARF9uyCXYJw+6q1 H6oTYmB4=
                      =Ex2J
                      -----END PGP SIGNATURE-----

                        Comment

                        Previous template Next
                        Working...