Daniele,
as you found correctly, I was allready biten by that bytea-escape-bug.
The aftermath led to the PQlibVersion() function for libpq, committed
by Magnus @ http://git.postgresql.org/gitweb?p=postgresql.git;a=commit;h=de9a4c27fefcc0d104bc9c97f4a93a49a25bf66d
> Please note that I have not written a parser for user input: this is a
> parser specifically used to receive data from the database and is only
> used to parse the bytea *output* format
> (http://www.postgresql.org/docs/9.0/static/datatype-binary.html).
> I would be very concerned in replacing >PQescapeString/PQescapeBytea for
> the reason you mention, and I would never do it to gain performance:
your arguments are sound. And a line at "nothing from the user, just
stuff from the database" is a line correctly drawn. Parsing things
that come from the database should be save.
Thanks for taking the time to answer my fears,
best wishes
Harald
--
Harald Armin Massa www.2ndQuadrant.com
PostgreSQL Training, Services and Support
2ndQuadrant Deutschland GmbH
GF: Harald Armin Massa
Amtsgericht Stuttgart, HRB 736399