apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <...@apache.org>
Subject Re: Why not use PQescapeStringConn instead of PQescapeString?
Date Wed, 18 Apr 2012 19:38:27 GMT
On Wed, 18 Apr 2012 14:40:21 -0400
Bob Rossi <bob@brasko.net> wrote:

> Hi,
> 
> I noticed in apr_dbd_escape that it uses PQescapeString instead of
> PQescapeStringConn.
> 
> PQescapeString is deprecated and dangerous. The documentation says,
>   *it might give the wrong results*
> http://www.postgresql.org/docs/9.1/static/libpq-exec.html
> 
> Is there any objection to changing the API call?

Looks like a fair point.  Updated in trunk, where we can see
if anyone shouts!

As discussed in IRC, it looks like a no-brainer with pgsql
versions from recent times.  The old code goes back to pgsql 6.x.

Thanks,

-- 
Nick Kew

Mime
View raw message