> Because you are using an input syntax that requires that quotes and
> backslashes be escaped.  There are other input methods available that
> don't require this, but they have disadvantages of their own.  In
> particular, you have to separate data from SQL command if you want a
> no-escape-processing behavior for data.

Right, I was looking for the alternate input methods that you allude to. I have been unable to find an example of exactly how to do this.


> > I think this behavior stems from a security problem psql had a while
> > back where escape characters were being interpreted, and this may be
> > another instance of that functionality.
>
> Matt, you have no idea what you are talking about.

I readily admit that I didn't read much into it, but I think you are mistaken. If you look at the following links you will see that PostgreSQL definitely had a vulnerability that allowed SQL injection through the use of escape characters. I was simply saying that this behavior might be a way of preventing that from happening again.
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0802
http://cert.uni-stuttgart.de/doc/postgresql/escape/


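An added example, not part of the original thread: separating data from the SQL command, as the quoted reply puts it, means binding the value as a parameter instead of writing it as a quoted literal. The sketch uses Python's built-in sqlite3 module as an offline stand-in for PostgreSQL; the table, helper functions and sample values are constructed for illustration.

```python
import sqlite3

# Constructed sample values containing the characters the thread is about.
SAMPLE = "C:\\temp\\o'brien"   # backslashes and a single quote
TRICKY = "x'), ('y"            # data that happens to contain SQL punctuation


def open_db():
    """Create a throwaway in-memory database with one text column."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)")
    return conn


def store_bound(conn, value):
    """Send the value out of line: the command text holds only a placeholder,
    so no quote or backslash in the data is ever parsed as SQL."""
    cur = conn.execute("INSERT INTO notes (body) VALUES (?)", (value,))
    row = conn.execute("SELECT body FROM notes WHERE id = ?",
                       (cur.lastrowid,)).fetchone()
    return row[0]


def store_inline(conn, value):
    """Paste the value into the command text with no escaping.
    Returns every stored body, or None if the statement was rejected."""
    sql = "INSERT INTO notes (body) VALUES ('" + value + "')"
    try:
        conn.execute(sql)
    except sqlite3.Error:
        return None  # the data broke the statement's syntax
    return [r[0] for r in conn.execute("SELECT body FROM notes ORDER BY id")]


if __name__ == "__main__":
    # Bound parameters round-trip byte for byte, with no escaping step.
    print(store_bound(open_db(), SAMPLE))
    print(store_bound(open_db(), TRICKY))
    # Inline literals: the quote ends the literal early (syntax error) ...
    print(store_inline(open_db(), SAMPLE))
    # ... or the data changes the command (two rows instead of one).
    print(store_inline(open_db(), TRICKY))
    # Note: SQLite only treats the quote specially inside a literal. PostgreSQL
    # of this era also processed backslashes in literals, which is why both
    # characters had to be escaped there when the value was written inline.
```

With PostgreSQL itself the same separation is available through a driver's bound parameters, for example libpq's `PQexecParams`.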