2008/7/22, Junin <[EMAIL PROTECTED]>:
> Tb...
>
> INSERT INTO foo VALUES ('\'teste\'');
>
>
> 2008/7/22 jota. comm <[EMAIL PROTECTED]>:
>> Opa,
>>
>> INSERT INTO foo VALUES ($$'teste'$$);
>>
>> []s
>>
>> 2008/7/22 Osvaldo Kussama <[EMAIL PROTECTED]>:
>>>
>>> http://www.postgresql.org/docs/current/interactive/sql-syntax-lexical.html#AEN1389
>>>
>>> - Also, a single quote can be included in an escape string by writing
>>> \', in addition to the normal way of ''.
>>> - Dollar-Quoted String, ex.: $$Dianne's horse$$
>>>Sim você pode utilizar \' mas, dependendo de sua versão, pode acarretar warnings devido a um possível risco na segurança. Veja em: http://www.postgresql.org/docs/current/interactive/runtime-config-compatible.html#RUNTIME-CONFIG-COMPATIBLE-VERSION Server Configuration 18.12. Version and Platform Compatibility 18.12.1. Previous PostgreSQL Versions backslash_quote (string) This controls whether a quote mark can be represented by \' in a string literal. The preferred, SQL-standard way to represent a quote mark is by doubling it ('') but PostgreSQL has historically also accepted \'. However, use of \' creates security risks because in some client character set encodings, there are multibyte characters in which the last byte is numerically equivalent to ASCII \. If client-side code does escaping incorrectly then a SQL-injection attack is possible. This risk can be prevented by making the server reject queries in which a quote mark appears to be escaped by a backslash. The allowed values of backslash_quote are on (allow \' always), off (reject always), and safe_encoding (allow only if client encoding does not allow ASCII \ within a multibyte character). safe_encoding is the default setting. Note that in a standard-conforming string literal, \ just means \ anyway. This parameter affects the handling of non-standard-conforming literals, including escape string syntax (E'...'). escape_string_warning (boolean) When on, a warning is issued if a backslash (\) appears in an ordinary string literal ('...' syntax) and standard_conforming_strings is off. The default is on. Applications that wish to use backslash as escape should be modified to use escape string syntax (E'...'), because the default behavior of ordinary strings will change in a future release for SQL compatibility. This variable can be enabled to help detect applications that will break. regex_flavor (string) The regular expression "flavor" can be set to advanced, extended, or basic. The default is advanced. The extended setting might be useful for exact backwards compatibility with pre-7.4 releases of PostgreSQL. See Section 9.7.3.1 for details. sql_inheritance (boolean) This controls the inheritance semantics. If turned off, subtables are not included by various commands by default; basically an implied ONLY key word. This was added for compatibility with releases prior to 7.1. See Section 5.8 for more information. standard_conforming_strings (boolean) This controls whether ordinary string literals ('...') treat backslashes literally, as specified in the SQL standard. The default is currently off, causing PostgreSQL to have its historical behavior of treating backslashes as escape characters. The default will change to on in a future release to improve compatibility with the standard. Applications can check this parameter to determine how string literals will be processed. The presence of this parameter can also be taken as an indication that the escape string syntax (E'...') is supported. Escape string syntax should be used if an application desires backslashes to be treated as escape characters. Osvaldo _______________________________________________ pgbr-geral mailing list [email protected] https://listas.postgresql.org.br/cgi-bin/mailman/listinfo/pgbr-geral
