Leon P Smith

Results 259 comments of Leon P Smith

That documentation is a holdover from MySQL. The only real issue with using `formatQuery` for your use case is that string escape syntax depends on the `standard_conforming_strings` parameter, which (for...

Well, `PGRange PosInfinity NegInfinity` is a perfectly sensible value, and will be rendered to postgresql as `'empty'`. In fact, that's actually the definition of [`empty`](https://hackage.haskell.org/package/postgresql-simple-0.5.4.0/docs/src/Database.PostgreSQL.Simple.Range.html#empty) in postgresql-simple. The range module...

Well, after playing with it a bit, the problem seems to be that you didn't unescape the string that you are supplying to postgresql-simple. It seems that the COPY command...

Incidentally, the extended escape syntax appears to accept `''` as a single `'` character. You could probably solve this particular case by writing `execute conn "INSERT INTO hstore_test(hstore_col) VALUES(E?)"` but...

Probably a better way of handling this would be to load the file into your temporary table using a copy command, then retrieve the hstore from postgres via postgresql-simple, and...

It didn't result in a malformed query. That error message is coming from the hstore parser, not the sql parser. There is not an exploitable injection here, though there probably...

Concretely, the second line is what you should be supplying in this case:

~~~
"terms"=>"'No Show\\", 100% of the value of the booking will be charged."
"terms"=>"'No Show\", 100% of...
~~~

Also, it might help to consider the multiple levels of escaping/unescaping that postgres performs. First the sql parser parses one of three string syntaxes, with three different unescaping rules, then...

Adding quickcheck to the test suite is quite acceptable. That failing log message I do find to be rather curious. Let me know when you figure something out.