pgsql: Add new escaping functions PQescapeLiteral and

Lists: pgsql-committers
From: rhaas(at)postgresql(dot)org (Robert Haas)
To: pgsql-committers(at)postgresql(dot)org
Subject: pgsql: Add new escaping functions PQescapeLiteral and
Date: 2010-01-21 14:58:53
Message-ID: 20100121145853.305D87541B9@cvs.postgresql.org

Log Message:
-----------
Add new escaping functions PQescapeLiteral and PQescapeIdentifier.

PQescapeLiteral is similar to PQescapeStringConn, but it relieves the
caller of the need to know how large the output buffer should be, and
it provides the appropriate quoting (in addition to escaping special
characters within the string). PQescapeIdentifier provides similar
functionality for escaping identifiers.

Per recent discussion with Tom Lane.

Modified Files:
--------------
pgsql/doc/src/sgml:
libpq.sgml (r1.294 -> r1.295)
(http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/libpq.sgml?r1=1.294&r2=1.295)
pgsql/src/interfaces/libpq:
exports.txt (r1.23 -> r1.24)
(http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/interfaces/libpq/exports.txt?r1=1.23&r2=1.24)
fe-exec.c (r1.206 -> r1.207)
(http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/interfaces/libpq/fe-exec.c?r1=1.206&r2=1.207)
libpq-fe.h (r1.148 -> r1.149)
(http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/interfaces/libpq/libpq-fe.h?r1=1.148&r2=1.149)


From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: pgsql-committers(at)postgresql(dot)org
Subject: Re: pgsql: Add new escaping functions PQescapeLiteral and
Date: 2010-01-21 17:37:23
Message-ID: 10384.1264095443@sss.pgh.pa.us

rhaas(at)postgresql(dot)org (Robert Haas) writes:
> Add new escaping functions PQescapeLiteral and PQescapeIdentifier.

Minor gripe: this loop test is unsafe:

+ /* Scan the string for characters that must be escaped. */
+ for (s = str; *s != '\0' && (s - str) < len; ++s)
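
Review bot: the for condition evaluates `*s != '\0'` before `(s - str) < len`, so when the input is exactly len bytes with no terminator, the byte at offset len is read before the length test can end the loop. Put the bound first so short-circuit evaluation guards the dereference: `for (s = str; (s - str) < len && *s != '\0'; ++s)`.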

Should check len first, else you might be fetching a byte that isn't
there.

On a stylistic level, shouldn't as_ident be declared bool not int?

regards, tom lane


From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-committers(at)postgresql(dot)org
Subject: Re: pgsql: Add new escaping functions PQescapeLiteral and
Date: 2010-01-21 17:39:52
Message-ID: 603c8f071001210939o49ccd1c5u6c7d7c276452bc8a@mail.gmail.com

On Thu, Jan 21, 2010 at 12:37 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> rhaas(at)postgresql(dot)org (Robert Haas) writes:
>> Add new escaping functions PQescapeLiteral and PQescapeIdentifier.
>
> Minor gripe: this loop test is unsafe:
>
> +       /* Scan the string for characters that must be escaped. */
> +       for (s = str; *s != '\0' && (s - str) < len; ++s)
>
> Should check len first, else you might be fetching a byte that isn't
> there.

Good catch.

> On a stylistic level, shouldn't as_ident be declared bool not int?

Stupid bool. Real programmers use int, except when they just program
in assembly directly.

...Robert
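
A simplified, stand-alone sketch of the two points in this thread: the callee sizes and quotes the output itself, as the log message describes for PQescapeLiteral, and the scan tests the length bound before dereferencing. This is an added example, not libpq's code; `sketch_escape_literal` is a hypothetical name, the doubling rules and `E` prefix are this sketch's own choices, and it assumes single-byte text with no connection or encoding awareness.

```c
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical helper: return a malloc'd, quoted SQL literal built from
 * the first len bytes of str, or NULL if allocation fails.  str need not
 * be NUL-terminated; a NUL found before len ends the input early.
 */
char *sketch_escape_literal(const char *str, size_t len)
{
    const char *s;
    size_t n_in = 0, n_quote = 0, n_bslash = 0;
    char *out, *p;

    /* Bound first: short-circuit && keeps *s from touching byte len. */
    for (s = str; (size_t)(s - str) < len && *s != '\0'; ++s)
    {
        if (*s == '\'')
            ++n_quote;
        else if (*s == '\\')
            ++n_bslash;
        ++n_in;
    }

    /* Callee sizes the buffer: input + doubled chars + E + 2 quotes + NUL. */
    out = malloc(n_in + n_quote + n_bslash + (n_bslash ? 1 : 0) + 3);
    if (out == NULL)
        return NULL;

    p = out;
    if (n_bslash)
        *p++ = 'E';     /* E'...' makes backslash handling unambiguous */
    *p++ = '\'';
    for (s = str; s < str + n_in; ++s)
    {
        if (*s == '\'' || *s == '\\')
            *p++ = *s;  /* double the special character */
        *p++ = *s;
    }
    *p++ = '\'';
    *p = '\0';
    return out;
}
```

The caller frees the returned string with `free()`.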