| From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-committers(at)postgresql(dot)org |
| Subject: | Re: pgsql: Add new escaping functions PQescapeLiteral and |
| Date: | 2010-01-21 17:39:52 |
| Message-ID: | 603c8f071001210939o49ccd1c5u6c7d7c276452bc8a@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
On Thu, Jan 21, 2010 at 12:37 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> rhaas(at)postgresql(dot)org (Robert Haas) writes:
>> Add new escaping functions PQescapeLiteral and PQescapeIdentifier.
>
> Minor gripe: this loop test is unsafe:
>
> + /* Scan the string for characters that must be escaped. */
> + for (s = str; *s != '\0' && (s - str) < len; ++s)
>
> Should check len first, else you might be fetching a byte that isn't
> there.
Good catch.
> On a stylistic level, shouldn't as_ident be declared bool not int?
Stupid bool. Real programmers use int, except when they just program
in assembly directly.
...Robert
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2010-01-21 18:43:26 | pgsql: Fix unsafe loop test, and declare as_ident as bool rather than |
| Previous Message | Tom Lane | 2010-01-21 17:37:23 | Re: pgsql: Add new escaping functions PQescapeLiteral and |