Can't input single quotes on PostgreSQL connection string

Jack_McSlay · Apr 16, 2008

I'm doing this

		$conn_str = 
			'host=\''.pg_escape_string($host).
			'\' user=\''.pg_escape_string($user).
			'\' password=\''.pg_escape_string($password).
			'\' dbname=\''.pg_escape_string($database).'\''
		;
		$this->handler = pg_pconnect($conn_str);

And whenever $password has a single quote in it I get an error like this:

Unable to connect to PostgreSQL server: missing "=" after "''" in connection info string

What is the proper way to format a PgSQL connection info string?

laserlight · Apr 17, 2008

The PHP manual's entry on [man]pg_connect/man states: "Single quotes and backslashes within the value must be escaped with a backslash, i.e., \' and \."

Now, pg_escape_string() performs the usual SQL string escaping, i.e., it escapes single quotes by doubling them. What you want to use instead, is [man]addslashes/man, e.g.,

$conn_str = "host='" . addslashes($host)
        . "' user='" . addslashes($user)
        . "' password='" . addslashes($password)
        . "' dbname='" . addslashes($database) . "'";
$this->handler = pg_pconnect($conn_str);