From: | David Hinkle <drachs(at)gmail(dot)com> |
---|---|
To: | pgsql-interfaces(at)postgresql(dot)org |
Subject: | Re: libpq, PQExecParams and the inserting of binary data |
Date: | 2005-06-03 17:36:38 |
Message-ID: | ae830e6c05060310367c37a84a@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-interfaces |
Yea, I know, but that doesn't help me. I need to know how to insert
binary data. I can't do it as text without escaping because it's not
null terminated and may contain nulls. I can't do it as binary
because I don't have any documentation on how to use it that way.
What I'm asking for is an expample or a document showing me how to do
it. I already know my way doesn't work.
If you could show me the proper way to do it that would be great.
David
On 6/3/05, Volkan YAZICI <volkan(dot)yazici(at)gmail(dot)com> wrote:
> Hi,
>
> On 6/3/05, David Hinkle <drachs(at)gmail(dot)com> wrote:
> > As you can see, I assumed I could use PQexapeBytea to escape the
> > binary data and then just use the returned value as a text parameter.
>
> You don't need to (also you shouldn't) escape any data while using
> parameters. Because, you'll miss one big advantage of parameter usage.
> From PQexecParams() documentation:
>
> «The primary advantage of PQexecParams over PQexec is that parameter
> values may be separated from the command string, thus avoiding the
> need for tedious and error-prone quoting and escaping. Unlike PQexec,
> PQexecParams allows at most one SQL command in the given string.
> (There can be semicolons in it, but not more than one nonempty
> command.) This is a limitation of the underlying protocol, but has
> some usefulness as an extra defense against SQL-injection attacks.»
>
> Regards.
>
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2005-06-03 17:48:38 | Re: libpq, PQExecParams and the inserting of binary data |
Previous Message | Volkan YAZICI | 2005-06-03 16:43:34 | Re: libpq, PQExecParams and the inserting of binary data |