On 24/02/2012 16:38, David Johnston wrote:
> How about:
>
> WHERE some_col LIKE (user_submitted_input || '%') AND some_col ~ ('^.{' ||
> length_of_user_submitted_input || '}\d*$')
>
> I'd have some reservations regarding multi-byte characters however - but this
> avoids any escaping of the input string.
That's a clever trick, I might end using it.
> You could (should?) write the escaping routine on the server side in a
> user-defined function:
>
> WHERE some_col ~ ('^' || make_regexp_literal(user_submitted_stringliteral) ||
> '\d*$')
I totally agree, but I hoped I could use an already existing function
without having to read the whole spec to figure what should and should
not be escaped.
> David J.
>
>
--
Ronan Dunklau
--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
