Insert values with single quotation in PostgreSQL

Question

I want to run the following query with a single quoted value.

INSERT INTO web_camp_keywords (web_id, keyword) VALUES (195, 'abc'hotels')

I just want to add abc'hotels value. I used backslash, but it did not work.

INSERT INTO web_camp_keywords (web_id, keyword) VALUES (195, 'abc\'hotels')

How can I resolve this?

Answer 1

You can escape the single quote with another single.

INSERT INTO web_camp_keywords (web_id, keyword) 
VALUES (195, 'abc''hotels')

But personally I think you should be using prepared statements with bind parameters.

Among other things, use of prepared statements with bind parameters is one of the easiest ways to help protect against SQL injection, the biggest source of security holes in web applications.