Skip site navigation (1) Skip section navigation (2)

PQescapeStringConn problem

From: Oliver Kindernay <oliver(dot)kindernay(at)gmail(dot)com>
To: pgsql-novice(at)postgresql(dot)org
Subject: PQescapeStringConn problem
Date: 2010-05-15 17:01:19
Message-ID: AANLkTinSWLlsvTSNwoWFaXhOoHCQDCa-1g8LhekHZL4w@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-novice
Hi. I am using libpq in my C application to comunicate with database.
Application gets input from untrustworthy source and then uses it in
SQL requests. To avoid SQL injection I want to use PQescapeStringConn
function. The problem is, that i don't know how to properly use this
function.

http://www.postgresql.org/docs/7.3/static/libpq-exec.html#LIBPQ-EXEC-ESCAPE-STRING

How can I know the size of "to" buffer before I call this function? If
I don't know it it may cause heap overflow..
Can you provide some example how this function is used in other apps?

Responses

pgsql-novice by date

Next:From: Tom LaneDate: 2010-05-15 17:13:32
Subject: Re: PQescapeStringConn problem
Previous:From: Andreas KretschmerDate: 2010-05-15 07:22:27
Subject: Re: Full table scan: 300 million rows

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group