I want to insert this inside my table in Postgres but I don't know how to escape the special characters. Also, my string is much longer than the one below but contains many such instances.
'<a href='http:\/\/%%code%%' target='_blank'>'
-
i think you need to change your datatype of your filed, now you need to add text as datatype instead of your right now datatype, so you can store html directly on database filed..Ravi Kavaiya– Ravi Kavaiya2016-04-28 04:11:03 +00:00Commented Apr 28, 2016 at 4:11
-
3Are you using prepared statements? If so you don't need to do anything special. If not, use prepared statements.tadman– tadman2016-04-28 04:11:41 +00:00Commented Apr 28, 2016 at 4:11
Add a comment
|
1 Answer
Please use pg_query_params in any data going into a Postgresql database or a similar method that escapes the string correctly. Do not under any circumstances trust any encoding coming from a client ie a Browser.
