backslash_quote

backslash_quote

This controls whether a quote mark can be represented by \' in a string literal. The preferred, SQL-standard way to represent a quote mark is by doubling it ('') but PostgreSQL has historically also accepted \'. However, use of \' creates security risks because in some client character set encodings, there are multibyte characters in which the last byte is numerically equivalent to ASCII \.

Value Range Default Set Classifications
on (allow \' always)

off (reject always)

safe_encoding (allow only if client encoding does not allow ASCII \ within a multibyte character)

safe_encoding master

session

reload