[Libpqxx-general] [Q] How to escape SQL string when using transactors?
Jeroen T. Vermeulen
jtv at xs4all.nl
Sun Dec 9 13:18:37 UTC 2007
On Fri, December 7, 2007 23:17, Marcel Loose wrote:
> Now I face the following problem. In order to make sure that my SQL query
> is well-formed, I need to escape characters like single quote (') and
> backslash (\) that might appear as arguments in, e.g., an insert query. I
> could use pqxx::sqlesc() for this, but this function is marked as
> "deprecated". However, I cannot use the suggested alternative
> pqxx::transaction::esc(), because, when I'm constructing the query --
> outside the ExecQuery transactor! -- I don't have a transaction object.
> This object first surfaces in my transactor's operator(). But then it is
> too late to quote the query, because only arguments should be quoted, not
> the complete query.
>
> How should I do this?
You could work around it by opening a separate transaction just for the
escaping. I think a nontransaction should do.
Future releases will have an esc() in the connection classes as well.
Jeroen
More information about the Libpqxx-general
mailing list