[erlang-questions] String and single quote escaping
PAILLEAU Eric
eric.pailleau@REDACTED
Wed Oct 8 17:43:57 CEST 2014
Hi,
You should not do the escaping yourself.
Fred is right on this. Use functions or prepared statements.
I personally use dollar quoting with PostgreSQL, as I already wrote in a
previous mail.
This way, you don't have to bother with escaping, a kind of XML CDATA
for SQL...
Simply use $$ around your string, or better, with a dynamic random value
between the first and second $, to avoid any SQL injection.
$A12345T$ your string with annoying quotes like this : ' $A12345T$
Regards
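The tagged dollar-quoting described in this mail, as an added example (not from the post's author or any Erlang library; Python is used only because the technique is language-independent). `random_tag`, `dollar_quote`, `tag_collides` and `unquote` are names chosen here. The point it shows beyond the mail: a dollar-quoted literal is only well-formed if the body does not contain the tag, so a fixed `$$` must be checked and a random tag must be regenerated on collision; `unquote` mimics how the server delimits the literal so the round trip can be checked offline.

```python
import secrets
from typing import Optional

# Constructed sample inputs: strings with the characters that break
# ordinary single-quote escaping.
SAMPLES = [
    "it's a ' quote",
    "Robert'); DROP TABLE users; --",
    "contains a bare $$ tag",
]


def random_tag(nbytes: int = 8) -> str:
    # A PostgreSQL dollar-quote tag follows identifier rules: it must start
    # with a letter or underscore, then letters, digits or underscores.
    # "q" followed by hex digits satisfies that; secrets gives an
    # unpredictable value.
    return "$q" + secrets.token_hex(nbytes) + "$"


def tag_collides(body: str, tag: str) -> bool:
    # If the tag occurs inside the body, the literal would end early and
    # the remainder of the body would be parsed as SQL.
    return tag in body


def dollar_quote(body: str, tag: Optional[str] = None) -> str:
    """Wrap body in a PostgreSQL dollar-quoted string literal.

    With an explicit tag (for example "$$") the caller gets an error on
    collision; with no tag a fresh random tag is drawn until it does not
    occur in the body.
    """
    if tag is not None:
        if tag_collides(body, tag):
            raise ValueError("body contains the quote tag; choose another tag")
        return tag + body + tag
    while True:
        candidate = random_tag()
        if not tag_collides(body, candidate):
            return candidate + body + candidate


def unquote(literal: str) -> str:
    """Inverse of dollar_quote: read the opening tag, require the same tag
    at the end, and return what lies between (mirrors the server's rule
    that the literal ends at the first repeat of the opening tag)."""
    close = literal.index("$", 1)
    tag = literal[: close + 1]
    if len(literal) < 2 * len(tag) or not literal.endswith(tag):
        raise ValueError("not a dollar-quoted literal")
    return literal[len(tag):-len(tag)]


def round_trips(body: str) -> bool:
    # The body comes back unchanged and nothing inside it is parsed as SQL.
    return unquote(dollar_quote(body)) == body


if __name__ == "__main__":
    for s in SAMPLES:
        print(dollar_quote(s), "->", round_trips(s))
```

This only makes string literals inert; it does not replace a prepared statement, which keeps data out of the SQL text altogether and is the option the mail recommends first.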