[erlang-questions] String and single quote escaping

PAILLEAU Eric eric.pailleau@REDACTED
Wed Oct 8 17:43:57 CEST 2014

You should not do escape by yourself.
Fred is right on this. Use functions or prepared statements.

I personnaly use dollar quoting with Postgresql, as I already wrote in a 
former mail.
This way, you don't have to bother with escaping, a kind of XML CDATA 
for SQL...

Simply use $$ around your string, or better, with a dynamic random value 
between first and second $ , to avoid any SQL injections.

$A12345T$ your string with annoying quotes like this : ' $A12345T$


More information about the erlang-questions mailing list