Re: pgsql: Add new escaping functions PQescapeLiteral and

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: pgsql-committers(at)postgresql(dot)org
Subject: Re: pgsql: Add new escaping functions PQescapeLiteral and
Date: 2010-01-21 17:37:23
Message-ID: 10384.1264095443@sss.pgh.pa.us
Lists: pgsql-committers

rhaas(at)postgresql(dot)org (Robert Haas) writes:
> Add new escaping functions PQescapeLiteral and PQescapeIdentifier.

Minor gripe: this loop test is unsafe:

+ /* Scan the string for characters that must be escaped. */
+ for (s = str; *s != '\0' && (s - str) < len; ++s)
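
Review bot: in the `for` condition, `*s != '\0'` is evaluated before `(s - str) < len`, so once `s` reaches `str + len` the loop dereferences a byte beyond the `len` bytes it was told about before the length test can end it. Put the bound first so short-circuit evaluation guards the dereference: `(s - str) < len && *s != '\0'`.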

Should check len first, else you might be fetching a byte that isn't
there.

On a stylistic level, shouldn't as_ident be declared bool not int?

regards, tom lane
