Yea, I know, but that doesn't help me. I need to know how to insert
binary data. I can't do it as text without escaping because it's not
null terminated and may contain nulls. I can't do it as binary
because I don't have any documentation on how to use it that way.
What I'm asking for is an expample or a document showing me how to do
it. I already know my way doesn't work.
If you could show me the proper way to do it that would be great.
David
On 6/3/05, Volkan YAZICI <volkan.yazici@gmail.com> wrote:
> Hi,
>
> On 6/3/05, David Hinkle <drachs@gmail.com> wrote:
> > As you can see, I assumed I could use PQexapeBytea to escape the
> > binary data and then just use the returned value as a text parameter.
>
> You don't need to (also you shouldn't) escape any data while using
> parameters. Because, you'll miss one big advantage of parameter usage.
> From PQexecParams() documentation:
>
> «The primary advantage of PQexecParams over PQexec is that parameter
> values may be separated from the command string, thus avoiding the
> need for tedious and error-prone quoting and escaping. Unlike PQexec,
> PQexecParams allows at most one SQL command in the given string.
> (There can be semicolons in it, but not more than one nonempty
> command.) This is a limitation of the underlying protocol, but has
> some usefulness as an extra defense against SQL-injection attacks.»
>
> Regards.
>
