--- ZSQLExtend/ZSQLExtend.py	2003/12/03 17:38:43	1.2
+++ ZSQLExtend/ZSQLExtend.py	2003/12/11 17:22:51	1.3
@@ -5,6 +5,7 @@ from Globals import DTMLFile
 import urllib
 import re
 import string
+from pyPgSQL import libpq
 from AccessControl import getSecurityManager
 
 def quoteString(name):
@@ -48,7 +49,7 @@ class ZSQLExtendFolder(Persistent, Impli
         valueList=[]
         for x in addList.keys():
             keyList.append("\""+x+"\"")
-            valueList.append("\'"+addList[x]+"\'")
+            valueList.append(libpq.PgQuoteString(addList[x]))
 
         keyString=string.join(keyList,",")
         valueString=string.join(valueList,",")
@@ -72,11 +73,11 @@ class ZSQLExtendFolder(Persistent, Impli
                 table=urllib.unquote(value)
             elif name=="-identify":
                 identify=urllib.unquote(value)
-                identify=identify.split("=")[0]+"=\'"+identify.split("=")[1]+"\'"
+                identify=identify.split("=")[0]+"="+libpq.PgQuoteString(identify.split("=")[1])
             elif name=="-format":
                 format=urllib.unquote(value)
             elif (not name[0]=="-") and (not len(value)==0):
-                changeList.append("\""+name+"\"=\'"+urllib.unquote(value)+"\'")
+                changeList.append("\""+name+"\"="+libpq.PgQuoteString(urllib.unquote(value)))
         changeString=string.join(changeList,",")
         queryString="UPDATE %s SET %s WHERE %s"%(table,changeString,identify)
         self.search(var=queryString)