Discussion: pgsql: Add new escaping functions PQescapeLiteral and

pgsql: Add new escaping functions PQescapeLiteral and

From
rhaas@postgresql.org (Robert Haas)
Date:
Log Message:
-----------
Add new escaping functions PQescapeLiteral and PQescapeIdentifier.

PQescapeLiteral is similar to PQescapeStringConn, but it relieves the
caller of the need to know how large the output buffer should be, and
it provides the appropriate quoting (in addition to escaping special
characters within the string).  PQescapeIdentifier provides similar
functionality for escaping identifiers.

Per recent discussion with Tom Lane.

Modified Files:
--------------
    pgsql/doc/src/sgml:
        libpq.sgml (r1.294 -> r1.295)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/doc/src/sgml/libpq.sgml?r1=1.294&r2=1.295)
    pgsql/src/interfaces/libpq:
        exports.txt (r1.23 -> r1.24)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/interfaces/libpq/exports.txt?r1=1.23&r2=1.24)
        fe-exec.c (r1.206 -> r1.207)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/interfaces/libpq/fe-exec.c?r1=1.206&r2=1.207)
        libpq-fe.h (r1.148 -> r1.149)
        (http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/interfaces/libpq/libpq-fe.h?r1=1.148&r2=1.149)

Re: pgsql: Add new escaping functions PQescapeLiteral and

From
Tom Lane
Date:
rhaas@postgresql.org (Robert Haas) writes:
> Add new escaping functions PQescapeLiteral and PQescapeIdentifier.

Minor gripe: this loop test is unsafe:

+     /* Scan the string for characters that must be escaped. */
+     for (s = str; *s != '\0' && (s - str) < len; ++s)
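
Review bot: The for condition dereferences before it checks the bound: *s != '\0' is evaluated ahead of (s - str) < len, so when str holds exactly len bytes and no terminator, the final test reads str[len] before the length check can stop the loop. Because && short-circuits left to right, swapping the operands to (s - str) < len && *s != '\0' keeps every read inside the first len bytes.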

Should check len first, else you might be fetching a byte that isn't
there.

On a stylistic level, shouldn't as_ident be declared bool not int?

            regards, tom lane

Re: pgsql: Add new escaping functions PQescapeLiteral and

From
Robert Haas
Date:
On Thu, Jan 21, 2010 at 12:37 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> rhaas@postgresql.org (Robert Haas) writes:
>> Add new escaping functions PQescapeLiteral and PQescapeIdentifier.
>
> Minor gripe: this loop test is unsafe:
>
> +       /* Scan the string for characters that must be escaped. */
> +       for (s = str; *s != '\0' && (s - str) < len; ++s)
>
> Should check len first, else you might be fetching a byte that isn't
> there.

Good catch.

> On a stylistic level, shouldn't as_ident be declared bool not int?

Stupid bool.  Real programmers use int, except when they just program
in assembly directly.

...Robert