0

I am writing a function that requires me to store some JavaScript code in a PostgreSQL database table (this is required). I am looking for a "Lazy" way of doing this without modifying my PostgreSQL insert statement to escape the special characters at every instance it might occur within the JavaScript code. I primarily want to avoid doing the escapes in the event that the JavaScript code were to get lengthier. Since this might get a bit messy quickly. PostgreSQL seems to offer the following functions:

  1. quote_literal()
  2. quote_ident()

Reference: PostgreSQL String Formatting Functions

Having tested both of these a common error I am running into is the following error:

Error: unterminated quoted identifier at or near "": true

At a quick glance it appears that my issue lies in the formatted JavaScript text itself.

Is there a "Lazy" way for me to avoid escaping all these special characters without having to do this manually? Essentially, I would like to dump this code into a variable and perform the insert using the stored variable without (ideally) or with minimal modifications to the stored JScript text.

Below is an example of what my code looks like: 

CREATE OR REPLACE FUNCTION abc.my_function(text, text, text, text, text[])
     RETURNS void AS $body$
DECLARE
     -- Variable Declarations here
     jscript TEXT := quote_ident('/* JScript Comments Here*/ $(document).ready(function(){
     // Initialize Datatable ...
     $('#Index').Datatable({
     "paging": true, // comment here
     "responsive": true, // comment here 
     "pageLength": 25, // comment here
     "columnDefs": [ {
     ...
     ...
     ...
          }]
     });
'); 


BEGIN
     ...
     ...
     ...
     -- Insert static HTML
     execute 'Insert into abc.my_table(file, data, gen_flag) values('||'''main.js||','||jscript||','|| '''N''' || ')';
     ...
     ...
     ...


END; 
$body$
     LANGUAGE 'plpgsql' VOLATILE;
Improve this question

1 Answer 1

Reset to default
2

The main problem is, that you are using quote_ident which is for quoting identifiers (column names, table names, ...) where you should be using quote_literal which is used to properly quote literal values.

To declare your variable and assign the value you can use a second level of dollar quoting so you don't need to worry about single quotes inside the value:

declare 
  jscript TEXT := $js$
     /* JScript Comments Here*/
     $(document).ready(function(){
       // Initialize Datatable ...
       $(#Index').Datatable({
       "paging": true, // comment here
       "responsive": true, // comment here 
       "pageLength": 25, // comment here
       "columnDefs": [ {
       ...
       ...
       ...}]
     });
  $js$;

Dynamic SQL is better created using the format() function which takes care of quoting properly: 

execute format('Insert into abc.my_table(file, data, gen_flag) values(%L, %L, %L), 'main.js',jscript, 'N')';

But you do not need dynamic SQL at all, you can just write:

insert into abc.my_table(file, data, gen_flag) values('main.js', jscript, 'N');

Online demo: https://dbfiddle.uk/?rdbms=postgres_10&fiddle=81b36bb1d3f246637186a419a9b337d4

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

My mistake I spoke to soon. I removed my earlier comment. You are correct!
The $ symbol is being recognized as an unterminated dollar-quoted string in the JQuery is defined. So, $(document).ready(function(){.... i expect this to be the issue here and potentially at every other instance.
@RexCoolCodeCharles: if you use it like I have shown it works fine: i.imgur.com/2xUUpzd.png
Found what I was doing that was causing the error. Thanks, this works. I've re-accepted your answer.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.