On Wed, 2005-04-20 at 13:05, David Gagnon wrote: > Hi Scott, > > > >I would generally scrub the input before it go to postgresql. Basically > >do a simple string_replace type function that replaces anything that > >ISN'T alphanum with nothing. > > > > > > > If I change the original string the user may not get what he expects as > result. abc[d] is not the samething than abcd... am I right?
Then replace it with properly escaped strings: abc[d] becomes abc\[d\] ---------------------------(end of broadcast)--------------------------- TIP 7: don't forget to increase your free space map settings
