Hi. I am using libpq in my C application to comunicate with database.
Application gets input from untrustworthy source and then uses it in
SQL requests. To avoid SQL injection I want to use PQescapeStringConn
function. The problem is, that i don't know how to properly use this
function.
http://www.postgresql.org/docs/7.3/static/libpq-exec.html#LIBPQ-EXEC-ESCAPE-STRING
How can I know the size of "to" buffer before I call this function? If
I don't know it it may cause heap overflow..
Can you provide some example how this function is used in other apps?