469,626 Members | 861 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,626 developers. It's quick & easy.

[PostgreSQL] Unescaping escaped strings?

Hello!

How do one unescape strings prepared with pg_escape_string() ?
stripslashes() will not work because both these functions are not
completely compatible.

Thank you all in advance

--
Micha³ Gancarski
"When I get down on my knees, it is not to pray" Madonna
Jan 4 '06 #1
5 12030
Michał Gancarski wrote:
How do one unescape strings prepared with pg_escape_string() ?
stripslashes() will not work because both these functions are not
completely compatible.


StripCSlashes() might do it. Technically, it's the inverse of
AddCSlashes(), but I can't see any reason it shouldn't work.

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact

Jan 4 '06 #2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Micha³ Gancarski wrote:
How do one unescape strings prepared with pg_escape_string() ?


You don't - when fetching the results from a SQL query, they will be already
unescaped.

This applies for most DB engines too.

- --
- ----------------------------------
Iván Sánchez Ortega -i-punto-sanchez--arroba-mirame-punto-net

http://acm.asoc.fi.upm.es/~mr/ ; http://acm.asoc.fi.upm.es/~ivan/
MSN:i_*************************@hotmail.com
Jabber:iv*********@jabber.org ; iv*********@kdetalk.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDvHFD3jcQ2mg3Pc8RAs8UAJ9K0SWdeC0VFuMX0ABOXB rsz3KQUQCfaAAv
y0govlCUYg6rk/UdOGN62HQ=
=Iokv
-----END PGP SIGNATURE-----
Jan 5 '06 #3
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Toby Inkster wrote:
How do one unescape strings prepared with pg_escape_string() ?


StripCSlashes() might do it.


No, it does not. pg_escape_string (and analogous functions for other DB
engines) just double the single quotes there may be inside the string. They
don't add any slashes AFAIK.

- --
- ----------------------------------
Iván Sánchez Ortega -i-punto-sanchez--arroba-mirame-punto-net

Un ordenador no es un televisor ni un microondas, es una herramienta
compleja.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDvHGI3jcQ2mg3Pc8RAkK5AJ4hsCT0GbJfVDu3THFG/qcOZro/2gCffUTQ
0g6yh1Bd3jyKDvfZxWe8lDw=
=PuYe
-----END PGP SIGNATURE-----
Jan 5 '06 #4
Iván Sánchez Ortega wrote:
No, it does not. pg_escape_string (and analogous functions for other DB
engines) just double the single quotes there may be inside the string. They
don't add any slashes AFAIK.


Hmmm... never noticed that. I generally use addshashes() to prepare data
for PostgreSQL anyway, which PostgreSQL seems OK about.

--
Toby A Inkster BSc (Hons) ARCS
Contact Me ~ http://tobyinkster.co.uk/contact

Jan 5 '06 #5
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Toby Inkster wrote:
Iván Sánchez Ortega wrote:
No, it does not. pg_escape_string (and analogous functions for other DB
engines) just double the single quotes there may be inside the string.
They don't add any slashes AFAIK.


Hmmm... never noticed that. I generally use addshashes() to prepare data
for PostgreSQL anyway, which PostgreSQL seems OK about.


Yes, escaping single quotes by using a backslash is OK, but the SQL
standards specify otherwise. Taken from
http://www.postgresql.org/docs/8.1/i...ql-syntax.html :

"
A string constant in SQL is an arbitrary sequence of characters bounded by
single quotes ('), for example 'This is a string'. The standard-compliant
way of writing a single-quote character within a string constant is to
write two adjacent single quotes, e.g. 'Dianne''s horse'. PostgreSQL also
allows single quotes to be escaped with a backslash (\'). However, future
versions of PostgreSQL will not allow this, so applications using
backslashes should convert to the standard-compliant method outlined above.
"

So, pg_escape_string may add backslashes, or it may not. It may double any
single quotes, or it may not. The only things I'm sure are:
- - pg_escape_string allows a string to be put inside single quotes for use
into a SQL INSERT clause, given that versions of the client library and the
psql server are the same, and
- - the standard way to escape single-quoted strings for use in any SQL
standard-compliant DB engine is str_replace("'","''",$whatever);

If you insist on using homebrew, non-standard ways of escaping data for use
into SQL statements (such as addslashes();), you risk incompatibility. For
your own good, I suggest you to stop doing so.

- --
- ----------------------------------
Iván Sánchez Ortega -i-punto-sanchez--arroba-mirame-punto-net

Mientras los necios deciden, los inteligentes deliberan.- Plutarco.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDvTyV3jcQ2mg3Pc8RAjcaAJ9Z2SZNVbMydrAUSf4Qm3 GH7O9FewCdGc33
ARF9uyCXYJw+6q1H6oTYmB4=
=Ex2J
-----END PGP SIGNATURE-----
Jan 5 '06 #6

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

2 posts views Thread by Rene Pijlman | last post: by
4 posts views Thread by Morten Goodwin Olsen | last post: by
reply views Thread by Rob | last post: by
6 posts views Thread by Brett | last post: by
2 posts views Thread by Vance Kessler | last post: by
2 posts views Thread by Kristian Rink | last post: by
7 posts views Thread by Jonny | last post: by
3 posts views Thread by John Nagle | last post: by
reply views Thread by gheharukoh7 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.