I have some dev-related questions at the end of this message, so please bear with me. :-)
On Thursday, October 24, 2002, at 09:54 PM, David Wheeler wrote:
The DBI documentation says of quote():
Quote will probably not be able to deal with all pos-
sible input (such as binary data or data containing
newlines), and is not related in any way with escaping
or quoting shell meta-characters.
But the real solution is the one Rudy suggested. The appearance of the single quotes around data escaped by quote() is there because the method is designed for quoting data you wish to use inline in a SQL statement, not with placeholders. Thus, it's designed for something like this:
$data = $dbh->quote($data);
$dbh->do("insert into foo (byte_data) values ($data)");
But it's not designed for use with a prepared statement using placeholders. For that, use bind_param() as Rudy suggested, and you'll be fine.
Apologies for the confusion.
Now, the driver-development questions: Should DBD::Pg's execute() method know which bound parameters are binary without being explicitly told via the attributes to bind_param(), and escape accordingly? Or should DBI users always explicitly bind binary data using bind_param()'s attributes?
If the answer to the first question is "yes", then how should this be implemented? And if the answer to the first question is "no" and the second question is "maybe", would it make sense to have whatever code in execute() that is escaping string data also do the proper escapes for binary data, since in PostgreSQL they're compatible?
TIA,
David
--
David Wheeler AIM: dwTheory
[EMAIL PROTECTED] ICQ: 15726394
http://david.wheeler.net/ Yahoo!: dew7e
Jabber: [EMAIL PROTECTED]
