Skip site navigation (1) Skip section navigation (2)

PQescapeStringConn problem

From: Oliver Kindernay <oliver(dot)kindernay(at)gmail(dot)com>
To: pgsql-novice(at)postgresql(dot)org
Subject: PQescapeStringConn problem
Date: 2010-05-15 17:01:19
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-novice
Hi. I am using libpq in my C application to comunicate with database.
Application gets input from untrustworthy source and then uses it in
SQL requests. To avoid SQL injection I want to use PQescapeStringConn
function. The problem is, that i don't know how to properly use this

How can I know the size of "to" buffer before I call this function? If
I don't know it it may cause heap overflow..
Can you provide some example how this function is used in other apps?


pgsql-novice by date

Next:From: Tom LaneDate: 2010-05-15 17:13:32
Subject: Re: PQescapeStringConn problem
Previous:From: Andreas KretschmerDate: 2010-05-15 07:22:27
Subject: Re: Full table scan: 300 million rows

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group