| From: | Oliver Kindernay <oliver(dot)kindernay(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-novice(at)postgresql(dot)org |
| Subject: | Re: PQescapeStringConn problem |
| Date: | 2010-05-15 18:48:00 |
| Message-ID: | AANLkTikJh44UPhOGjN96oLDUN29w3q6JE4cYvOob7-OQ@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
Oh, my bad, didn't read carefully. And not, i am not using 7.3, that's
another failure in my copy-paste skills :)
2010/5/15 Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>:
> Oliver Kindernay <oliver(dot)kindernay(at)gmail(dot)com> writes:
>> Hi. I am using libpq in my C application to comunicate with database.
>> Application gets input from untrustworthy source and then uses it in
>> SQL requests. To avoid SQL injection I want to use PQescapeStringConn
>> function. The problem is, that i don't know how to properly use this
>> function.
>
>> http://www.postgresql.org/docs/7.3/static/libpq-exec.html#LIBPQ-EXEC-ESCAPE-STRING
>
>> How can I know the size of "to" buffer before I call this function?
>
> I trust you're not *really* using Postgres 7.3? But in any case,
> that documentation says
>
> to shall point to a buffer that is able to hold at least one more byte
> than twice the value of length
>
> ie maximum output is 2 bytes per input byte, plus a null terminator.
>
> regards, tom lane
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David Jarvis | 2010-05-16 02:25:47 | Bulk Insert |
| Previous Message | Tom Lane | 2010-05-15 17:13:32 | Re: PQescapeStringConn problem |