On Thursday 2017-09-21 19:00, Jean Weisbuch wrote: > > - For strings, SQL_STRINGSIZE now defines the max length of values (before > being escaped), longer values will be truncated and the double of > SQL_STRINGSIZE is allocated in case all characters would have to be escaped > > I am not sure that truncating values is the best course of action, maybe > replacing the string with NULL or an empty string would be better?
Silent truncation is really bad. If the currenty query length can be externally influenced (and I have no doubt that it can), you may end up executing a different statement than what was intended. Return an error code from the function, abort() the entire program, or something. But don't silently truncate. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
