Home > mailing lists

Re: Re: Escaping strings for inclusion into SQL queries - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: Re: Escaping strings for inclusion into SQL queries
Date	September 3, 2001 23:44:58
Msg-id	15611.999564276@sss.pgh.pa.us Whole thread Raw
In response to	Re: Re: Escaping strings for inclusion into SQL queries (Peter Eisentraut <peter_e@gmx.net>)
Responses	Re: Re: Escaping strings for inclusion into SQL queries (Bruce Momjian <pgman@candle.pha.pa.us>)
List	pgsql-hackers

Tree view

Peter Eisentraut <peter_e@gmx.net> writes:
> Tom Lane writes:
>> I don't follow.  xddouble can only expand to two quote marks, so how
>> does it matter which one we use as the result?

> addlit() expects the first argument to be null-terminated and implicitly
> uses that null byte at the end of the supplied argument to terminate its
> own buffer.

Hmm, so I see:
/* append data --- note we assume ytext is null-terminated */memcpy(literalbuf+literallen, ytext, yleng+1);literallen
+=yleng;

Given that we are passing the length of the desired string, it seems
bug-prone for addlit to *also* expect null termination.  I'd suggest
memcpy(literalbuf+literallen, ytext, yleng);literallen += yleng;literalbuf[literallen] = '\0';

instead.
        regards, tom lane

pgsql-hackers by date:

From: Peter Eisentraut
Date: 03 September 2001, 23:36:35
Subject: Re: Re: Escaping strings for inclusion into SQL queries

From: Tom Lane
Date: 03 September 2001, 23:48:57
Subject: Re: Bytea/Base64 encoders for libpq - interested?

Re: Re: Escaping strings for inclusion into SQL queries - Mailing list pgsql-hackers

Previous

Next