
Re: Stuff for 2.4.1

From: Harald Armin Massa <harald(at)2ndQuadrant(dot)com>
To: Daniele Varrazzo <daniele(dot)varrazzo(at)gmail(dot)com>
Cc: psycopg(at)postgresql(dot)org
Subject: Re: Stuff for 2.4.1
Date: 2011-03-27 18:56:52
Message-ID: AANLkTi=os+fpNj-gR6yW0hyZOycVUzxbPx1JD3CaQsMM@mail.gmail.com
Lists: psycopg

Daniele,

as you found correctly, I was already bitten by that bytea-escape-bug.
The aftermath led to the PQlibVersion() function for libpq, committed
by Magnus @ http://git.postgresql.org/gitweb?p=postgresql.git;a=commit;h=de9a4c27fefcc0d104bc9c97f4a93a49a25bf66d

> Please note that I have not written a parser for user input: this is a
> parser specifically used to receive data from the database and is only
> used to parse the bytea *output* format
> (http://www.postgresql.org/docs/9.0/static/datatype-binary.html).
> I would be very concerned in replacing PQescapeString/PQescapeBytea for
> the reason you mention, and I would never do it to gain performance:

your arguments are sound. And a line at "nothing from the user, just
stuff from the database" is a line correctly drawn. Parsing things
that come from the database should be safe.

Thanks for taking the time to answer my fears,

best wishes

Harald





-- 
Harald Armin Massa     www.2ndQuadrant.com
PostgreSQL  Training, Services  and Support

2ndQuadrant Deutschland GmbH
GF: Harald Armin Massa
Amtsgericht Stuttgart, HRB 736399
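
A parser of the kind the quoted text describes, one that only decodes the bytea *output* format sent by the server, shown here as an added example that is not psycopg's own code. The function name `parse_bytea_output` is an assumption; it handles both the hex and the escape output formats from the linked documentation page and rejects anything malformed instead of guessing.

```python
import binascii


def parse_bytea_output(text: str) -> bytes:
    """Decode a bytea value in server text output format (hex or escape).

    Strict on purpose: input that matches neither format raises ValueError.
    """
    # Hex format: "\x" followed by two hex digits per byte. An escape-format
    # value can never start with "\x", because there a backslash is always
    # followed by another backslash or by three octal digits.
    if text.startswith("\\x"):
        try:
            return binascii.unhexlify(text[2:])
        except ValueError as exc:  # binascii.Error is a ValueError subclass
            raise ValueError("malformed hex bytea") from exc

    out = bytearray()
    i, n = 0, len(text)
    while i < n:
        ch = text[i]
        if ch != "\\":
            # Escape output sends only printable ASCII unescaped.
            if not 32 <= ord(ch) <= 126:
                raise ValueError(f"unexpected character at offset {i}")
            out.append(ord(ch))
            i += 1
        elif text[i + 1:i + 2] == "\\":
            out.append(0x5C)  # "\\" is a literal backslash
            i += 2
        else:
            digits = text[i + 1:i + 4]  # "\ooo": exactly three octal digits
            if (len(digits) != 3 or digits[0] not in "0123"
                    or any(d not in "01234567" for d in digits)):
                raise ValueError(f"bad escape sequence at offset {i}")
            out.append(int(digits, 8))
            i += 4
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample values: the same five bytes in both output formats.
    for sample in ("\\x48690001ff", "Hi\\000\\001\\377"):
        print(repr(sample), "->", parse_bytea_output(sample))
```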
