Re: Re: Escaping strings for inclusion into SQL queries
| From | Tom Lane |
|---|---|
| Subject | Re: Re: Escaping strings for inclusion into SQL queries |
| Date | |
| Msg-id | 15611.999564276@sss.pgh.pa.us |
| In response to | Re: Re: Escaping strings for inclusion into SQL queries (Peter Eisentraut <peter_e@gmx.net>) |
| Responses | Re: Re: Escaping strings for inclusion into SQL queries |
| List | pgsql-hackers |
Peter Eisentraut <peter_e@gmx.net> writes:
> Tom Lane writes:
>> I don't follow. xddouble can only expand to two quote marks, so how
>> does it matter which one we use as the result?
> addlit() expects the first argument to be null-terminated and implicitly
> uses that null byte at the end of the supplied argument to terminate its
> own buffer.
Hmm, so I see:
    /* append data --- note we assume ytext is null-terminated */
    memcpy(literalbuf+literallen, ytext, yleng+1);
    literallen += yleng;
Given that we are passing the length of the desired string, it seems
bug-prone for addlit to *also* expect null termination. I'd suggest
    memcpy(literalbuf+literallen, ytext, yleng);
    literallen += yleng;
    literalbuf[literallen] = '\0';
instead.
regards, tom lane
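
The two addlit() variants from the message above, side by side, as an added example that is not part of the original post or of the PostgreSQL scanner source. The fixed-size buffer, the bounds check, and the helpers startlit(), addlit_implicit(), addlit_explicit() and terminated_after() are assumptions made for the demonstration; the input is constructed to model appending one quote mark from a doubled-quote token.

```c
#include <stdio.h>
#include <string.h>

#define LITERALBUF_SIZE 64              /* assumption: fixed-size demo buffer */
static char literalbuf[LITERALBUF_SIZE];
static int  literallen;

static void startlit(void)
{
    memset(literalbuf, '#', sizeof(literalbuf));  /* marker: no stray NULs */
    literalbuf[0] = '\0';
    literallen = 0;
}

/* Variant quoted in the thread: relies on ytext[yleng] being '\0'. */
static int addlit_implicit(const char *ytext, int yleng)
{
    if (literallen + yleng + 1 > LITERALBUF_SIZE)
        return -1;
    memcpy(literalbuf + literallen, ytext, yleng + 1);
    literallen += yleng;
    return 0;
}

/* Variant suggested in the thread: terminates the buffer itself. */
static int addlit_explicit(const char *ytext, int yleng)
{
    if (literallen + yleng + 1 > LITERALBUF_SIZE)
        return -1;
    memcpy(literalbuf + literallen, ytext, yleng);
    literallen += yleng;
    literalbuf[literallen] = '\0';
    return 0;
}

/* Append "it", then only the first byte of the token "''" (constructed input).
 * Returns 1 if the buffer ends in '\0' at literallen, 0 if not, -1 on error. */
static int terminated_after(int (*addlit)(const char *, int))
{
    startlit();
    if (addlit("it", 2) != 0 || addlit("''", 1) != 0 || literallen != 3)
        return -1;
    return literalbuf[literallen] == '\0';
}

int main(void)
{
    printf("implicit: terminated=%d\n", terminated_after(addlit_implicit));
    printf("explicit: terminated=%d\n", terminated_after(addlit_explicit));
    return 0;
}
```

With the implicit variant the byte at literalbuf[literallen] is the second quote mark of the token rather than a terminator, so any later string function applied to literalbuf runs past the intended end.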