On Thu, Jan 21, 2010 at 12:37 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> rhaas@postgresql.org (Robert Haas) writes:
>> Add new escaping functions PQescapeLiteral and PQescapeIdentifier.
>
> Minor gripe: this loop test is unsafe:
>
> + /* Scan the string for characters that must be escaped. */
> + for (s = str; *s != '\0' && (s - str) < len; ++s)
>
> Should check len first, else you might be fetching a byte that isn't
> there.
Good catch.
> On a stylistic level, shouldn't as_ident be declared bool not int?
Stupid bool. Real programmers use int, except when they just program
in assembly directly.
...Robert