discussion on pgsql-hackers (especially the frightening memory dump in
<12273.
999562219@sss.pgh.pa.us>), we decided that it is best not to
use identifiers from an untrusted source at all. Therefore, all
claims of the suitability of PQescapeString() for identifiers have
been removed.
Florian Weimer
+
+
Escaping strings for inclusion in SQL queries
+PQescapeString
+ Escapes a string for use within an SQL query.
+
+size_t PQescapeString (char *to, const char *from, size_t length);
+
+If you want to include strings which have been received
+from a source which is not trustworthy (for example, because they were
+transmitted across a network), you cannot directly include them in SQL
+queries for security reasons. Instead, you have to quote special
+characters which are otherwise interpreted by the SQL parser.
+
+PQescapeString performs this operation. The
+
from points to the first character of the string which+is to be escaped, and the
length parameter counts the+number of characters in this string (a terminating NUL character is
+neither necessary nor counted).
to shall point to a+buffer which is able to hold at least one more character than twice
+the value of
length, otherwise the behavior is+undefined. A call to PQescapeString writes an escaped
+version of the
from string to the to+buffer, replacing special characters so that they cannot cause any
+harm, and adding a terminating NUL character. The single quotes which
+must surround PostgreSQL string literals are not part of the result
+string.
+
+PQescapeString returns the number of characters written
+to
to, not including the terminating NUL character.+Behavior is undefined when the
to and from+strings overlap.
+
+
Retrieving SELECT Result Information
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-exec.c,v 1.109 2001/09/06 02:54:56 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-exec.c,v 1.110 2001/09/07 22:02:32 momjian Exp $
*
*-------------------------------------------------------------------------
*/
static int getNotify(PGconn *conn);
static int getNotice(PGconn *conn);
+/* ---------------
+ * Escaping arbitrary strings to get valid SQL strings/identifiers.
+ *
+ * Replaces "\\" with "\\\\", "\0" with "\\0", and "'" with "''".
+ * length is the length of the buffer pointed to by
+ * from. The buffer at to must be at least 2*length + 1 characters
+ * long. A terminating NUL character is written.
+ * ---------------
+ */
+
+size_t
+PQescapeString (char *to, const char *from, size_t length)
+{
+ const char *source = from;
+ char *target = to;
+ unsigned int remaining = length;
+
+ while (remaining > 0) {
+ switch (*source) {
+ case '\0':
+ *target = '\\';
+ target++;
+ *target = '0';
+ /* target and remaining are updated below. */
+ break;
+
+ case '\\':
+ *target = '\\';
+ target++;
+ *target = '\\';
+ /* target and remaining are updated below. */
+ break;
+
+ case '\'':
+ *target = '\'';
+ target++;
+ *target = '\'';
+ /* target and remaining are updated below. */
+ break;
+
+ default:
+ *target = *source;
+ /* target and remaining are updated below. */
+ }
+ source++;
+ target++;
+ remaining--;
+ }
+
+ /* Write the terminating NUL character. */
+ *target = '\0';
+
+ return target - to;
+}
+
+
/* ----------------
* Space management for PGresult.
* Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $Id: libpq-fe.h,v 1.73 2001/09/06 02:54:56 momjian Exp $
+ * $Id: libpq-fe.h,v 1.74 2001/09/07 22:02:32 momjian Exp $
*
*-------------------------------------------------------------------------
*/
/* === in fe-exec.c === */
+ /* Quoting strings before inclusion in queries. */
+ extern size_t PQescapeString (char *to, const char *from, size_t length);
+
/* Simple synchronous query */
extern PGresult *PQexec(PGconn *conn, const char *query);
extern PGnotify *PQnotifies(PGconn *conn);
projects / postgresql.git / commitdiff