Postgresql putting quoted data in and taking it out

[bsteimel]

Problem 1 data going in securely:

 

I am having a serious problem with quotes, postgresql and php.  I have a database that needs to store XML tags inside the database such as <p1 type="example"/>.  The data in the database will be exported in many other formats and with many different tools and languages so i would like it to remain true.  If I put in pg_escape_string the data goes into the database as <p1 type=\"example\"/>  I'd rather have the original in the database so i just don't use the escape function and it goes in fine, but is that secure?  Also information has already been put into the database directly so there is already the first example in the database.

 

problem 2 data coming out:  How do i remove the data if it doesn't already have the slashes in place?  When i try to use pg_fetch_row or object or array i get spaces, and blanks and things go all over the place.  Is there a postgres php function  that escapes strings on the way out of a database.

 

any help would be great, thanks in advance

I'm a new user here but have been a php programmer for 2 years now, while i have used this site for reference this is my first time posting, and i'm pretty sure it won't be my last.

 

postgresql 8, php 5, apache 2.2.4

[btherl]

pg_escape_string() is not the problem.  It's necessary for adding data to the database, and does not modify the actual data.  Can you post your code so we can debug it?

[bsteimel]

I found the problem.  I did not have the database connection in the escape call.  If i did not include the database connection it would input \" into the database.  With the slashes not being put into the database there is then no problem of retrieving the information.