
I am making an app with node.js, using the express framework, with postgresql as my database.

I have to insert some values into my database, and some of them have quotes. e.g. Tony's Seafood Restaurant. I cannot insert values like this.

I tried

name.replace('\'', '\\\'');

and also

name.replace("'", "\'");

but no success.

Problem is the postgresql server formats queries before running them. If the query looks like this in my code,

insert into venues values (nextval('venue_venueid_seq'),'"+name+"','"+api+"','"+location+"','"+latitude+"','"+longitude+"','"+category+"','"+category_generalized+"')

then postgresql formats it like this (I found it by printing the client.query object)

insert into venues values (nextval(\'venue_venueid_seq\'),\'Tony\'s Seafood Restaurant\',\'Google Places\',\'18863 California 1, Marshall\',\'38.146777\',\'-122.882987\',\'restaurant,food,establishment\',\'Eatery,Eatery,establishment\')

You see postgresql already places slashes before the starting and the ending quotes of my string, so the escape slashes I programmatically inserted in the middle of the string are not working.

How can I insert values like this? Please help.

    
Does postgres allow you to forego explicitly listing the names of the columns receiving the inserted data values? –  Tim May 31 '13 at 11:46
    
the problem is still there even if I explicitly include column list in insert query... moreover I am getting same problem for select query –  Shuaib Jun 1 '13 at 10:27
    
What happens if you don't programmatically escape your apostrophes? \Tony's Restaurant\ ? –  Tim Jun 1 '13 at 11:43
1  
See if this page helps you. Check out the section where the inserted values are passed as parameters: github.com/brianc/node-postgres. client.query("INSERT INTO beatles(name, height, birthday) values($1, $2, $3)", ['John', 68, new Date(1944, 10, 13)]); –  Tim Jun 1 '13 at 11:49
    
Using parameterized queries like you showed was the solution. Thanks a lot! –  Shuaib Jun 1 '13 at 14:03
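
The fix the comments arrive at, applied to the venues insert from the question, as an added example that is not part of the original thread. The names `FIELDS`, `buildConcatenated`, `buildVenueInsert`, `stringLiterals` and `insertVenue` are hypothetical; `client.query(text, values)` is the node-postgres call form shown in the comment above.

```javascript
const sampleVenue = { // values copied from the query shown in the question
  name: "Tony's Seafood Restaurant", api: 'Google Places',
  location: '18863 California 1, Marshall', latitude: '38.146777',
  longitude: '-122.882987', category: 'restaurant,food,establishment',
  category_generalized: 'Eatery,Eatery,establishment',
};
const FIELDS = ['name', 'api', 'location', 'latitude', 'longitude',
  'category', 'category_generalized'];

// "Before": the question's string concatenation. The data becomes part of the SQL text.
function buildConcatenated(v) {
  return "insert into venues values (nextval('venue_venueid_seq'),'" +
    FIELDS.map((f) => v[f]).join("','") + "')";
}

// "After": placeholders $1..$7 in the SQL text; the data travels separately in `values`.
function buildVenueInsert(v) {
  const placeholders = FIELDS.map((_, i) => '$' + (i + 1)).join(',');
  return {
    text: "insert into venues values (nextval('venue_venueid_seq')," + placeholders + ')',
    values: FIELDS.map((f) => v[f]),
  };
}

// Hypothetical helper: lists the string literals a standard SQL lexer would see
// ('' is an escaped quote) and reports whether the last literal was closed.
function stringLiterals(sql) {
  const literals = [];
  let current = null; // null means "outside a literal"
  for (let i = 0; i < sql.length; i++) {
    const ch = sql[i];
    if (current === null) {
      if (ch === "'") current = '';
    } else if (ch === "'" && sql[i + 1] === "'") {
      current += "'"; i++; // doubled quote stays inside the literal
    } else if (ch === "'") {
      literals.push(current); current = null;
    } else {
      current += ch;
    }
  }
  return { literals, terminated: current === null };
}

// `client` is assumed to be a connected node-postgres client.
function insertVenue(client, v) {
  const q = buildVenueInsert(v);
  return client.query(q.text, q.values);
}
```

Running `stringLiterals(buildConcatenated(sampleVenue))` shows the name literal cut off at `Tony` and the final literal left open, while the parameterized text contains only the sequence name as a literal and the apostrophe stays intact in `values[0]`.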
