[Libpqxx-general] [Q] How to escape SQL string when using transactors?
Marcel Loose
loose at astron.nl
Fri Dec 7 16:17:15 UTC 2007
Hi,
I was wondering how to solve the following problem.
I use the transactor framework to wrap my transactions. Since I use key/value pairs to store the result of any query, I decided I only needed to write one transactor to perform any transaction. See the attached (slightly simplified) files ExecQuery.h and ExecQuery.cc.
Now I face the following problem. In order to make sure that my SQL query is well-formed, I need to escape characters like single quote (') and backslash (\) that might appear as arguments in, e.g., an insert query. I could use pqxx::sqlesc() for this, but this function is marked as "deprecated". However, I cannot use the suggested alternative pqxx::transaction::esc(), because, when I'm constructing the query -- outside the ExecQuery transactor! -- I don't have a transaction object. This object first surfaces in my transactor's operator(). But then it is too late to quote the query, because only arguments should be quoted, not the complete query.
How should I do this?
Kind regards,
Marcel Loose.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ExecQuery.h
Type: application/octet-stream
Size: 366 bytes
Desc: not available
Url : http://pgfoundry.org/pipermail/libpqxx-general/attachments/20071207/0bcc339a/attachment.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ExecQuery.cc
Type: application/octet-stream
Size: 755 bytes
Desc: not available
Url : http://pgfoundry.org/pipermail/libpqxx-general/attachments/20071207/0bcc339a/attachment-0001.obj
More information about the Libpqxx-general
mailing list