David Hughes wrote:
> PgQuoteBytea: Escapes a string, which can contain NUL characters, so
> that it can used as an input to a bytea field.
> PgUnQuoteBytea: Reverses the action of PgQuoteBytea().
I think this documentation isn't quite right. PgUnQuoteBytea isn't
exactly the reverse.
> But these don't seem to be completely symmetrical. The quote function
> also encloses the whole string in single-quotes (why does it need to do
> this?) and any embedded single-quote characters are escaped as two
> single-quotes (documented as a security update in pypgsql 2.5) but
> neither of these are reversed by the unquote function.
> I can work round this by using an construct like:
> sout = PgSQL.libpq.PgUnQuoteBytea(bstring.value).replace("''","'")[1:-1]
Why do you want to do that?
Just use PgQuoteByte() on data you want to send *to* the database. When
retrieving *from* the database, you get back an escaped string. Use
PgUnQuoteBytea() to unquote that string and get binary data out of it.
> but I'd like to check, first, if it's really necessary to do this - I
> may be doing something wrong somewhere, and second, is this a safe
> solution in the general case?
It's only safe as long as the quoting does not change...
Please note, that while the data gets transfered quoted, the database
saves raw binary data. Quoting is only necessary because pypgsql uses
the string based protocol.