On Thursday 30 September 2010 6:47:38 am mdipierro wrote: > The problem is that postgresql before 8.2 was not conform to the SQL > specs and uses > > \' to escape quotes instead of '' > > even in 8.2 it was optional and had to be set with the command that > gives you trouble. > >
If its only a matter of \' then see here: http://www.postgresql.org/docs/7.4/interactive/runtime-config.html#RUNTIME-CONFIG-COMPATIBLE "backslash_quote (string) This controls whether a quote mark can be represented by \' in a string literal. The preferred, SQL-standard way to represent a quote mark is by doubling it ('') but PostgreSQL has historically also accepted \'. However, use of \' creates security risks because in some client character set encodings, there are multibyte characters in which the last byte is numerically equivalent to ASCII \. If client-side code does escaping incorrectly then a SQL-injection attack is possible. This risk can be prevented by making the server reject queries in which a quote mark appears to be escaped by a backslash. The allowed values of backslash_quote are on (allow \' always), off (reject always), and safe_encoding (allow only if client encoding does not allow ASCII \ within a multibyte character). safe_encoding is the default setting. " -- Adrian Klaver [email protected]
