That may work but you would need to try. Try inserting a ' and \ in a text field and see if you get any OperationalError.

On Sep 30, 8:59 am, Adrian Klaver <[email protected]> wrote:
> On Thursday 30 September 2010 6:47:38 am mdipierro wrote:
>
> > The problem is that postgresql before 8.2 did not conform to the SQL
> > specs and uses
> >
> > \' to escape quotes instead of ''
> >
> > even in 8.2 it was optional and had to be set with the command that
> > gives you trouble.
>
> If it's only a matter of \' then see here:
> http://www.postgresql.org/docs/7.4/interactive/runtime-config.html#RU...
>
> "backslash_quote (string)
>
> This controls whether a quote mark can be represented by \' in a string
> literal. The preferred, SQL-standard way to represent a quote mark is by
> doubling it ('') but PostgreSQL has historically also accepted \'. However,
> use of \' creates security risks because in some client character set
> encodings, there are multibyte characters in which the last byte is
> numerically equivalent to ASCII \. If client-side code does escaping
> incorrectly then a SQL-injection attack is possible. This risk can be
> prevented by making the server reject queries in which a quote mark appears
> to be escaped by a backslash. The allowed values of backslash_quote are on
> (allow \' always), off (reject always), and safe_encoding (allow only if
> client encoding does not allow ASCII \ within a multibyte character).
> safe_encoding is the default setting."
>
> --
> Adrian Klaver
> [email protected]
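
The encoding property that the quoted backslash_quote documentation describes, as an added example that is not part of the original thread and is not web2py or PostgreSQL code. The function names are hypothetical, the sample strings are constructed, and Python's codec tables are assumed to stand in for the corresponding client encodings.

```python
BACKSLASH = 0x5C  # ASCII "\"

def ends_in_backslash(ch, encoding):
    """True if ch encodes to several bytes and the last one equals ASCII backslash."""
    try:
        raw = ch.encode(encoding)
    except UnicodeEncodeError:
        return False  # character does not exist in this encoding
    return len(raw) > 1 and raw[-1] == BACKSLASH

def is_safe_encoding(encoding):
    """Approximate the 'safe_encoding' test: no multibyte character in the
    Basic Multilingual Plane has 0x5C as its trailing byte."""
    return not any(ends_in_backslash(chr(cp), encoding)
                   for cp in range(0x80, 0x10000))

def ambiguous_positions(text, encoding):
    """Indexes of characters in text that a byte-oriented escaper could
    misread as ending in a backslash."""
    return [i for i, ch in enumerate(text) if ends_in_backslash(ch, encoding)]

def quote_literal_standard(text):
    """SQL-standard quoting: double the quote mark, working on characters,
    so no backslash is ever introduced or interpreted."""
    return "'" + text.replace("'", "''") + "'"

if __name__ == "__main__":
    for enc in ("utf-8", "latin-1", "shift_jis", "big5", "gbk"):
        print(enc, "safe" if is_safe_encoding(enc) else "NOT safe for \\' escaping")
    sample = "表示"  # constructed sample: first character is 0x95 0x5C in Shift_JIS
    print(sample.encode("shift_jis"), ambiguous_positions(sample, "shift_jis"))
    print(quote_literal_standard("O'Reilly"))
```

Passing values as query parameters through the database driver avoids the question entirely, since no client-side literal quoting takes place.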

