Re^2: postgres reg expression quoting

Replies are listed 'Best First'.
Re^3: postgres reg expression quoting by BrowserUk (Patriarch) on Apr 01, 2009 at 14:15 UTC
Perhaps using quotemeta on the user's input before you supply it to DBI's execute method? Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error. "Science is about questioning the status quo. Questioning authority". In the absence of evidence, opinion is indistinguishable from prejudice. "Too many [] have been sedated by an oppressive environment of political correctness and risk aversion."	[reply]
Re^4: postgres reg expression quoting by zdzieblo (Acolyte) on Apr 01, 2009 at 14:44 UTC
that smells like a solution, quotemeta will add '\' to all non word characters and then during execution that '\' will get quoted to make it '\\' so postgress is happy	[reply]
Re^3: postgres reg expression quoting by ikegami (Patriarch) on Apr 01, 2009 at 14:31 UTC
That's odd. There's nothing variable in what you presented, so how can any of it be from the user? Please don't post one piece of code and ask about another.	[reply]
Re^4: postgres reg expression quoting by zdzieblo (Acolyte) on Apr 01, 2009 at 14:40 UTC
of course there is.. what about the placeholder '?' ;-)	[reply]
Re^5: postgres reg expression quoting by ikegami (Patriarch) on Apr 01, 2009 at 15:07 UTC
My apologies. I didn't look at the expression closely enough and jumped to the wrong conclusion. I have a better understanding of it now. If you're expecting the user to provide text to match literally (as opposed to a regular expression pattern), then you need to convert the text into a regular expression pattern. In Perl, `quotemeta` would do. It will probably do for your database as well. `my $input = '['; $sth->execute(quotemeta($input));` [download]	[reply] [d/l] [select]
Re^6: postgres reg expression quoting by Anonymous Monk on Apr 06, 2009 at 16:42 UTC