Re: Re: Escaping strings for inclusion into SQL queries
From | Bruce Momjian |
---|---|
Subject | Re: Re: Escaping strings for inclusion into SQL queries |
Date | |
Msg-id | 200109072016.f87KGmh21495@candle.pha.pa.us |
In response to | Re: Re: Escaping strings for inclusion into SQL queries (Tom Lane <tgl@sss.pgh.pa.us>) |
Responses | Re: Re: Escaping strings for inclusion into SQL queries |
List | pgsql-hackers |
Has this been resolved?

> Peter Eisentraut <peter_e@gmx.net> writes:
> > Tom Lane writes:
> >> I don't follow. xddouble can only expand to two quote marks, so how
> >> does it matter which one we use as the result?
>
> > addlit() expects the first argument to be null-terminated and implicitly
> > uses that null byte at the end of the supplied argument to terminate its
> > own buffer.
>
> Hmm, so I see:
>
>     /* append data --- note we assume ytext is null-terminated */
>     memcpy(literalbuf+literallen, ytext, yleng+1);
>     literallen += yleng;
>
> Given that we are passing the length of the desired string, it seems
> bug-prone for addlit to *also* expect null termination. I'd suggest
>
>     memcpy(literalbuf+literallen, ytext, yleng);
>     literallen += yleng;
>     literalbuf[literallen] = '\0';
>
> instead.
>
> regards, tom lane
>
> ---------------------------(end of broadcast)---------------------------
> TIP 6: Have you searched our list archives?
>
> http://www.postgresql.org/search.mpl
>

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
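The length-versus-terminator issue discussed in this message, as an added example that is not code from the post or from PostgreSQL: it runs both quoted `memcpy` variants on a two-quote token of which only one quote should be kept. `struct litbuf`, the fixed capacity, the bounds check and all function names are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

#define LITBUF_CAP 64            /* assumption: fixed capacity for this sketch */

struct litbuf { char data[LITBUF_CAP]; size_t len; };

/* First variant quoted in the thread: trusts that src[n] is '\0'. */
static int addlit_assume_nul(struct litbuf *b, const char *src, size_t n)
{
    if (b->len + n + 1 > LITBUF_CAP) return -1;
    memcpy(b->data + b->len, src, n + 1);   /* also copies src[n], whatever it is */
    b->len += n;
    return 0;
}

/* Variant suggested in the thread: copy n bytes, write the terminator itself. */
static int addlit_explicit_nul(struct litbuf *b, const char *src, size_t n)
{
    if (b->len + n + 1 > LITBUF_CAP) return -1;
    memcpy(b->data + b->len, src, n);
    b->len += n;
    b->data[b->len] = '\0';
    return 0;
}

typedef int (*addlit_fn)(struct litbuf *, const char *, size_t);

/* Append one quote taken from a two-quote token and report what a reader of
 * the C string sees. The buffer is zero-filled first, so strlen() is defined
 * in both cases; the correct answer is 1. */
static size_t one_quote_from_pair(addlit_fn addlit)
{
    struct litbuf b;
    const char token[] = "''";   /* constructed input: two quote marks */

    memset(&b, 0, sizeof b);
    if (addlit(&b, token, 1) != 0) return (size_t)-1;
    return strlen(b.data);
}

int main(void)
{
    printf("assume-nul:   %zu\n", one_quote_from_pair(addlit_assume_nul));
    printf("explicit-nul: %zu\n", one_quote_from_pair(addlit_explicit_nul));
    return 0;
}
```

With the first variant the tracked length is 1 while the C string is 2 bytes long; the second variant keeps the two in agreement.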