Re: Stuff for 2.4.1
| От | Harald Armin Massa |
|---|---|
| Тема | Re: Stuff for 2.4.1 |
| Дата | |
| Msg-id | AANLkTi=os+fpNj-gR6yW0hyZOycVUzxbPx1JD3CaQsMM@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Stuff for 2.4.1 (Daniele Varrazzo <daniele.varrazzo@gmail.com>) |
| Список | psycopg |
Daniele, as you found correctly, I was allready biten by that bytea-escape-bug. The aftermath led to the PQlibVersion() function for libpq, committed by Magnus @ http://git.postgresql.org/gitweb?p=postgresql.git;a=commit;h=de9a4c27fefcc0d104bc9c97f4a93a49a25bf66d > Please note that I have not written a parser for user input: this is a > parser specifically used to receive data from the database and is only > used to parse the bytea *output* format > (http://www.postgresql.org/docs/9.0/static/datatype-binary.html). > I would be very concerned in replacing >PQescapeString/PQescapeBytea for > the reason you mention, and I would never do it to gain performance: your arguments are sound. And a line at "nothing from the user, just stuff from the database" is a line correctly drawn. Parsing things that come from the database should be save. Thanks for taking the time to answer my fears, best wishes Harald -- Harald Armin Massa www.2ndQuadrant.com PostgreSQL Training, Services and Support 2ndQuadrant Deutschland GmbH GF: Harald Armin Massa Amtsgericht Stuttgart, HRB 736399
В списке psycopg по дате отправления: