pg_escape_literal
Prev 4.3. Query Execution Commands Next

pg_escape_literal

pg_escape_literal — Escape and quote a string for use as an SQL string literal

Synopsis

pg_escape_literal conn string

Description

pg_escape_literal returns its string argument safely escaped and quoted for use as an SQL string literal (or string constant).

For example, pg_escape_literal $conn "can't" returns the string 'can''t'.

Arguments

conn

Handle of the connection that the string should be escaped for sending to. (Note: This argument is not used by pgintcl.)

string

The string to quote and escape.

Return Value

The string argument, suitable for use as an SQL string literal, including surrounding single quotes.

Notes

See also pg_quote, pg_escape_string, and pg_escape_identifier.

pg_escape_literal is effectively equivalent to pg_quote, in that both return their string arguments quoted and escaped, suitable for use as an SQL literal. The return results and implementations differ:

  • pg_quote attempts to account for the setting of the standard_conforming_strings PostgreSQL parameter, to determine if backslashes inside the string need special processing. pg_escape_literal returns a result that is correct independent of standard_conforming_strings.

  • The conn parameter is optional with pg_quote, but required with pg_escape_literal.

  • The result from pg_escape_literal uses the PostgreSQL Escape String notation (E'...'), with doubled backslashes inside, if the string contains any backslashes, and the standard quoted literal notation if the string does not contain backslashes. The result from pg_quote always uses the standard SQL quoted literal notation.

This command was added in pgtclng-2.1.0 and in pgintcl-3.5.0.

The conn argument is used to get character set encoding information, which is used to make sure that multi-byte characters do not confuse the escaping process.

Caution

Unlike libpq-based interface implementations, Pgintcl does not have the ability to use character set encoding information, and so it does not use the conn parameter at all.

This command uses or emulates the PostgreSQL libpq function PQescapeIdentifier, which was added in PostgreSQL-9.0.0.

Example

set sql "SELECT * FROM mytable WHERE name = [pg_escape_literal $itemname]"

Prev Up Next
pg_escape_identifier Home pg_escape_bytea
SourceForge.net Logo

This version of the manual was produced for the Pgtcl-ng Sourceforge project web service site, which requires the logo on each page.

To download a logo-free copy of the manual, see the Pgtcl-ng project downloads area.