Hi. I am using libpq in my C application to communicate with the database.
Application gets input from untrustworthy source and then uses it in
SQL requests. To avoid SQL injection I want to use PQescapeStringConn
function. The problem is that I don't know how to properly use this
How can I know the size of "to" buffer before I call this function? If
I don't know it, it may cause a heap overflow.
Can you provide some example how this function is used in other apps?