-/* $Cambridge: exim/src/src/lookups/pgsql.c,v 1.2 2005/01/04 10:00:44 ph10 Exp $ */
+/* $Cambridge: exim/src/src/lookups/pgsql.c,v 1.5 2006/06/30 13:57:46 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2005 */
+/* Copyright (c) University of Cambridge 1995 - 2006 */
/* See the file NOTICE for conditions of use and distribution. */
/* Thanks to Petr Cech for contributing the original code for these
break;
default:
+ /* This was the original code:
*errmsg = string_sprintf("PGSQL: query failed: %s\n",
PQresultErrorMessage(pg_result));
+ This was suggested by a user:
+ */
+
+ *errmsg = string_sprintf("PGSQL: query failed: %s (%s) (%s)\n",
+ PQresultErrorMessage(pg_result),
+ PQresStatus(PQresultStatus(pg_result)), query);
*defer_break = FALSE;
goto PGSQL_EXIT;
}
does treat the string as "ab%cd". So we can safely quote percent and
underscore. [This is different to MySQL, where you can't do this.]
+The original code quoted single quotes as \' which is documented as valid in
+the O'Reilly book "Practical PostgreSQL" (first edition) as an alternative to
+the SQL standard '' way of representing a single quote as data. However, in
+June 2006 there was some security issue with using \' and so this has been
+changed.
+
+[Note: There is a function called PQescapeStringConn() that quotes strings.
+This cannot be used because it needs a PGconn argument (the connection handle).
+Why, I don't know. Seems odd for just string escaping...]
+
Arguments:
s the string to be quoted
opt additional option text or NULL if none
while ((c = *s++) != 0)
{
- if (Ustrchr("\n\t\r\b\'\"\\%_", c) != NULL)
+ if (c == '\'')
+ {
+ *t++ = '\'';
+ *t++ = '\'';
+ }
+ else if (Ustrchr("\n\t\r\b\"\\%_", c) != NULL)
{
*t++ = '\\';
switch(c)