Re: Re: Escaping strings for inclusion into SQL queries
From | Tom Lane |
---|---|
Subject | Re: Re: Escaping strings for inclusion into SQL queries |
Date | |
Msg-id | 15611.999564276@sss.pgh.pa.us |
In response to | Re: Re: Escaping strings for inclusion into SQL queries (Peter Eisentraut <peter_e@gmx.net>) |
Responses | Re: Re: Escaping strings for inclusion into SQL queries |
List | pgsql-hackers |
Peter Eisentraut <peter_e@gmx.net> writes:
> Tom Lane writes:
>> I don't follow. xddouble can only expand to two quote marks, so how
>> does it matter which one we use as the result?

> addlit() expects the first argument to be null-terminated and implicitly
> uses that null byte at the end of the supplied argument to terminate its
> own buffer.

Hmm, so I see:

    /* append data --- note we assume ytext is null-terminated */
    memcpy(literalbuf+literallen, ytext, yleng+1);
    literallen += yleng;

Given that we are passing the length of the desired string, it seems
bug-prone for addlit to *also* expect null termination. I'd suggest

    memcpy(literalbuf+literallen, ytext, yleng);
    literallen += yleng;
    literalbuf[literallen] = '\0';

instead.

regards, tom lane
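The two forms of addlit() discussed in this message, side by side in a simplified C model of the literal buffer. This is an added example, not code from the thread or from the PostgreSQL source: the reserve() helper, the 'X' poison byte, the ends_terminated() driver and the call that passes two quote marks with length 1 are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of the scanner's literal buffer; not PostgreSQL source. */
static char *literalbuf;
static size_t literallen, literalalloc;

/* Make room for extra bytes plus a terminator; new space is poisoned with 'X'. */
static void reserve(size_t extra) {
    size_t old = literalalloc;
    if (literalalloc == 0) literalalloc = 8;
    while (literallen + extra + 1 > literalalloc) literalalloc *= 2;
    if (literalalloc != old) {
        literalbuf = realloc(literalbuf, literalalloc);
        if (literalbuf == NULL) abort();
        memset(literalbuf + old, 'X', literalalloc - old);
    }
}

/* Original form: copies yleng+1 bytes, trusting ytext[yleng] to be '\0'. */
static void addlit_implicit(const char *ytext, size_t yleng) {
    reserve(yleng);
    memcpy(literalbuf + literallen, ytext, yleng + 1);
    literallen += yleng;
}

/* Suggested form: copies exactly yleng bytes, then terminates explicitly. */
static void addlit_explicit(const char *ytext, size_t yleng) {
    reserve(yleng);
    memcpy(literalbuf + literallen, ytext, yleng);
    literallen += yleng;
    literalbuf[literallen] = '\0';
}

/* Build the body of 'it''' and report whether the buffer ends in '\0'. */
static int ends_terminated(void (*addlit)(const char *, size_t)) {
    literallen = 0;
    reserve(0);
    memset(literalbuf, 'X', literalalloc);  /* poison: no stray zeros */
    addlit("it", 2);  /* whole token: a NUL follows these two bytes */
    addlit("''", 1);  /* assumed call: keep one quote of the doubled pair */
    return literalbuf[literallen] == '\0';
}

int main(void) {
    printf("implicit=%d explicit=%d\n", ends_terminated(addlit_implicit), ends_terminated(addlit_explicit));
    return 0;
}
```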