| From: | Richard Huxton <dev(at)archonet(dot)com> |
|---|---|
| To: | "surabhi(dot)ahuja" <surabhi(dot)ahuja(at)iiitb(dot)ac(dot)in> |
| Cc: | Tino Wildenhain <tino(at)wildenhain(dot)de>, Stephan Szabo <sszabo(at)megazone(dot)bigpanda(dot)com>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: a stored procedure ..with integer as the parameter |
| Date: | 2005-10-27 10:25:18 |
| Message-ID: | 4360AB0E.7040004@archonet.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
surabhi.ahuja wrote:
> My appliaction is in C++
>
> and i am getting char* ..s which i need to insert into the
> table...and for insert i am calling a stored procedure.
>
> But i need to form the call to the stored procedure with the above
> char*s as the argument.
Fine - just make sure you validate your data and format it properly.
If you are expecting an integer and a text field then check that the
first is a valid integer and escape any single quotes in the text-field.
Then you can build your query as you are at the moment.
I'm afraid I don't know much about the libpqxx C++ library, but it must
have facilities to escape quotes etc.
--
Richard Huxton
Archonet Ltd
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Uzo Madujibeya | 2005-10-27 10:46:16 | Problem with SSL and postgreSQL 8.0.4 |
| Previous Message | surabhi.ahuja | 2005-10-27 09:53:49 | Re: a stored procedure ..with integer as the parameter |