pg-hstore
allow for un-sanitized hstore stringify
I'm using the node "pg" npm module to connect to postgres. Suppose I have a table like this:
```sql
create table somedata (col hstore)
```
If I insert into the table from node like this:
```js
client.query(
  "insert into somedata (col) values ($1)",
  [hstore.stringify({a:"a'"})]
)
```
I will get a double sanitization so the key is `a` and the value is `a''`. I think it would be valuable to have a `stringify` that doesn't sanitize so that the resulting strings would be ready for use in prepared statements or statements with placeholders where the sanitization is done within the database.
Thanks
+1
Noticed this while reading the code immediately. I don't believe single quotes are to be escaped inside an hstore string. Escaping singles is the concern of the thing outside of it.
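The two escaping layers discussed in this thread, as an added example that is not part of the original posts and is not pg-hstore's code. All function names are hypothetical: `stringifySqlEscaped` is an assumed model of the reported behaviour, and `parseHstore` is a minimal stand-in for the server's hstore input parser.

```javascript
// Added example, not pg-hstore code. All function names here are hypothetical.

// hstore-level quoting only: backslash and double quote are escaped with a backslash.
function hstoreQuote(s) {
  if (s === null || s === undefined) return 'NULL';
  return '"' + String(s).replace(/[\\"]/g, '\\$&') + '"';
}

// Text form suitable for a bound parameter ($1): no SQL-literal escaping applied.
function stringifyForParam(obj) {
  return Object.keys(obj)
    .map((k) => hstoreQuote(k) + '=>' + hstoreQuote(obj[k]))
    .join(',');
}

// Assumed model of the behaviour reported in the issue: single quotes are also doubled.
function stringifySqlEscaped(obj) {
  return stringifyForParam(obj).replace(/'/g, "''");
}

// SQL-literal escaping, a separate layer needed only when the text is inlined into SQL.
function sqlLiteral(text) {
  return "'" + text.replace(/'/g, "''") + "'";
}

// Minimal reader for the quoted hstore text form, standing in for the server's parser.
function parseHstore(text) {
  const out = {};
  const pair = /"((?:[^"\\]|\\.)*)"\s*=>\s*(NULL|"((?:[^"\\]|\\.)*)")\s*,?\s*/gy;
  const unesc = (s) => s.replace(/\\(.)/g, '$1');
  let m;
  while ((m = pair.exec(text)) !== null) {
    out[unesc(m[1])] = m[2] === 'NULL' ? null : unesc(m[3]);
  }
  return out;
}

// Constructed sample input.
const sample = { a: "a'", 'k"ey': 'back\\slash', n: null };
console.log(parseHstore(stringifyForParam(sample)));   // round-trips unchanged
console.log(parseHstore(stringifySqlEscaped(sample))); // value of a gains a second quote
console.log(sqlLiteral(stringifyForParam({ a: "a'" }))); // both layers, applied once each
```

A bound parameter reaches the server byte for byte, so only the hstore layer applies there; the SQL-literal layer belongs to whatever builds the statement text.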