surabhi.ahuja wrote:
> My appliaction is in C++
>
> and i am getting char* ..s which i need to insert into the
> table...and for insert i am calling a stored procedure.
>
> But i need to form the call to the stored procedure with the above
> char*s as the argument.
Fine - just make sure you validate your data and format it properly.
If you are expecting an integer and a text field then check that the
first is a valid integer and escape any single quotes in the text-field.
Then you can build your query as you are at the moment.
I'm afraid I don't know much about the libpqxx C++ library, but it must
have facilities to escape quotes etc.
--
Richard Huxton
Archonet Ltd