Skip site navigation (1) Skip section navigation (2)

Re: PQescapeStringConn problem

From: Oliver Kindernay <oliver(dot)kindernay(at)gmail(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-novice(at)postgresql(dot)org
Subject: Re: PQescapeStringConn problem
Date: 2010-05-15 18:48:00
Message-ID: AANLkTikJh44UPhOGjN96oLDUN29w3q6JE4cYvOob7-OQ@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-novice
Oh, my bad, didn't read carefully. And not, i am not using 7.3, that's
another failure in my copy-paste skills :)

2010/5/15 Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>:
> Oliver Kindernay <oliver(dot)kindernay(at)gmail(dot)com> writes:
>> Hi. I am using libpq in my C application to comunicate with database.
>> Application gets input from untrustworthy source and then uses it in
>> SQL requests. To avoid SQL injection I want to use PQescapeStringConn
>> function. The problem is, that i don't know how to properly use this
>> function.
>
>> http://www.postgresql.org/docs/7.3/static/libpq-exec.html#LIBPQ-EXEC-ESCAPE-STRING
>
>> How can I know the size of "to" buffer before I call this function?
>
> I trust you're not *really* using Postgres 7.3?  But in any case,
> that documentation says
>
>        to shall point to a buffer that is able to hold at least one more byte
>        than twice the value of length
>
> ie maximum output is 2 bytes per input byte, plus a null terminator.
>
>                        regards, tom lane
>

In response to

pgsql-novice by date

Next:From: David JarvisDate: 2010-05-16 02:25:47
Subject: Bulk Insert
Previous:From: Tom LaneDate: 2010-05-15 17:13:32
Subject: Re: PQescapeStringConn problem

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group