Thread: pgsql: Add new escaping functions PQescapeLiteral and

pgsql: Add new escaping functions PQescapeLiteral and

From
rhaas@postgresql.org (Robert Haas)
Date:
Log Message:
-----------
Add new escaping functions PQescapeLiteral and PQescapeIdentifier.

PQescapeLiteral is similar to PQescapeStringConn, but it relieves the
caller of the need to know how large the output buffer should be, and
it provides the appropriate quoting (in addition to escaping special
characters within the string).  PQescapeIdentifier provides similar
functionality for escaping identifiers.

Per recent discussion with Tom Lane.

Modified Files:
--------------
    pgsql/doc/src/sgml:
        libpq.sgml (r1.294 -> r1.295)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/libpq.sgml?r1=1.294&r2=1.295)
    pgsql/src/interfaces/libpq:
        exports.txt (r1.23 -> r1.24)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/interfaces/libpq/exports.txt?r1=1.23&r2=1.24)
        fe-exec.c (r1.206 -> r1.207)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/interfaces/libpq/fe-exec.c?r1=1.206&r2=1.207)
        libpq-fe.h (r1.148 -> r1.149)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/interfaces/libpq/libpq-fe.h?r1=1.148&r2=1.149)

Re: pgsql: Add new escaping functions PQescapeLiteral and

From
Tom Lane
Date:
rhaas@postgresql.org (Robert Haas) writes:
> Add new escaping functions PQescapeLiteral and PQescapeIdentifier.

Minor gripe: this loop test is unsafe:

+     /* Scan the string for characters that must be escaped. */
+     for (s = str; *s != '\0' && (s - str) < len; ++s)
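
Review bot: In the `for` condition, `*s != '\0'` is evaluated before `(s - str) < len`, so when the input is exactly len bytes with no terminator the loop reads one byte past the buffer before the length test stops it. Swap the operands so the bound short-circuits the dereference: `(s - str) < len && *s != '\0'`.
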

Should check len first, else you might be fetching a byte that isn't
there.

On a stylistic level, shouldn't as_ident be declared bool not int?

            regards, tom lane
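
The behaviour the commit message describes (the function sizes its own output and adds the surrounding quotes), together with the bound-before-dereference ordering raised in this reply, as an added example that is not libpq's code. The name `escape_sketch` is hypothetical, and the sketch assumes a single-byte encoding and `standard_conforming_strings = on`, so it doubles only the quote character.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Simplified sketch, not libpq's implementation: quote at most len bytes of
 * str as a literal ('...') or an identifier ("..."), doubling any embedded
 * quote character. Returns a malloc'd string, or NULL if out of memory.
 */
char *
escape_sketch(const char *str, size_t len, bool as_ident)
{
    const char  quote = as_ident ? '"' : '\'';
    size_t      n, i, nquotes = 0;
    char       *result, *out;

    /* Bound first: str[n] is read only after n < len is known to hold. */
    for (n = 0; n < len && str[n] != '\0'; ++n)
        if (str[n] == quote)
            ++nquotes;

    /* input bytes + doubled quotes + two delimiters + terminator */
    result = malloc(n + nquotes + 3);
    if (result == NULL)
        return NULL;

    out = result;
    *out++ = quote;
    for (i = 0; i < n; ++i)
    {
        if (str[i] == quote)
            *out++ = quote;     /* double the embedded quote */
        *out++ = str[i];
    }
    *out++ = quote;
    *out = '\0';
    return result;
}

int
main(void)
{
    /* Constructed input: exactly 4 bytes with no terminating NUL. */
    const char  raw[4] = {'O', '\'', 'R', 'x'};
    char       *lit = escape_sketch(raw, sizeof(raw), false);

    if (lit != NULL)
        puts(lit);
    free(lit);
    return 0;
}
```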

Re: pgsql: Add new escaping functions PQescapeLiteral and

From
Robert Haas
Date:
On Thu, Jan 21, 2010 at 12:37 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> rhaas@postgresql.org (Robert Haas) writes:
>> Add new escaping functions PQescapeLiteral and PQescapeIdentifier.
>
> Minor gripe: this loop test is unsafe:
>
> +       /* Scan the string for characters that must be escaped. */
> +       for (s = str; *s != '\0' && (s - str) < len; ++s)
>
> Should check len first, else you might be fetching a byte that isn't
> there.

Good catch.

> On a stylistic level, shouldn't as_ident be declared bool not int?

Stupid bool.  Real programmers use int, except when they just program
in assembly directly.

...Robert