| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
| Cc: | Florian Weimer <Florian(dot)Weimer(at)RUS(dot)Uni-Stuttgart(dot)DE>, PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Re: Escaping strings for inclusion into SQL queries |
| Date: | 2001-09-04 00:44:36 |
| Message-ID: | 15611.999564276@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> Tom Lane writes:
>> I don't follow. xddouble can only expand to two quote marks, so how
>> does it matter which one we use as the result?
> addlit() expects the first argument to be null-terminated and implicitly
> uses that null byte at the end of the supplied argument to terminate its
> own buffer.
Hmm, so I see:
/* append data --- note we assume ytext is null-terminated */
memcpy(literalbuf+literallen, ytext, yleng+1);
literallen += yleng;
Given that we are passing the length of the desired string, it seems
bug-prone for addlit to *also* expect null termination. I'd suggest
memcpy(literalbuf+literallen, ytext, yleng);
literallen += yleng;
literalbuf[literallen] = '\0';
instead.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2001-09-04 00:48:22 | Re: Bytea/Base64 encoders for libpq - interested? |
| Previous Message | Peter Eisentraut | 2001-09-04 00:40:38 | Re: Re: Escaping strings for inclusion into SQL queries |