iliaa           Wed Jul  6 20:52:20 2005 EDT

  Modified files:              
    /php-src/ext/pdo_pgsql      pgsql_driver.c 
  Log:
  Faster sequence id retrieval.
  
  
  
http://cvs.php.net/diff.php/php-src/ext/pdo_pgsql/pgsql_driver.c?r1=1.46&r2=1.47&ty=u
Index: php-src/ext/pdo_pgsql/pgsql_driver.c
diff -u php-src/ext/pdo_pgsql/pgsql_driver.c:1.46 
php-src/ext/pdo_pgsql/pgsql_driver.c:1.47
--- php-src/ext/pdo_pgsql/pgsql_driver.c:1.46   Fri Jul  1 18:43:16 2005
+++ php-src/ext/pdo_pgsql/pgsql_driver.c        Wed Jul  6 20:52:19 2005
@@ -16,7 +16,7 @@
   +----------------------------------------------------------------------+
 */
 
-/* $Id: pgsql_driver.c,v 1.46 2005/07/01 22:43:16 edink Exp $ */
+/* $Id: pgsql_driver.c,v 1.47 2005/07/07 00:52:19 iliaa Exp $ */
 
 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -210,15 +210,16 @@
                *len = spprintf(&id, 0, "%ld", (long) H->pgoid);
        } else {
                PGresult *res;
-               char *name_escaped, *q;
-               size_t l = strlen(name);
+               char *q;
                ExecStatusType status;
 
-               name_escaped = safe_emalloc(l, 2, 1);
-               PQescapeString(name_escaped, name, l);
-               spprintf(&q, 0, "SELECT CURRVAL('%s')", name_escaped);
+               /* SQL injection protection */
+               if (strchr(name, '\'')) {
+                       return NULL;
+               }
+
+               spprintf(&q, sizeof("SELECT CURRVAL('')") + strlen(name), 
"SELECT CURRVAL('%s')", name);
                res = PQexec(H->server, q);
-               efree(name_escaped);
                efree(q);
                status = PQresultStatus(res);
 
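Review bot: The PQescapeString call removed at L34–L36 is replaced at L37–L40 by a one-character blacklist, which is weaker than escaping: only the quote is rejected, so any other character the server treats specially inside a string literal (a backslash, depending on the server's string-literal settings) still reaches the statement unescaped and at best yields a malformed query rather than a clean error. Since the value is only ever the single argument of CURRVAL, the way to keep the speed-up and drop string interpolation altogether is to bind it as a parameter, provided the libpq baseline the driver targets has it: `const char *params[1] = { name };` followed by `res = PQexecParams(H->server, "SELECT CURRVAL($1)", 1, NULL, params, NULL, NULL, 0);`, with the strchr guard and the spprintf/efree pair removed. If the blacklist is kept, note that the early `return NULL` records no diagnostic for the caller (nothing in the hunk reports an error before returning), and the comment should state the invariant it relies on, e.g. `/* name is interpolated into a string literal below; a quote would terminate it, so refuse such names instead of escaping */`. The enclosing function starts and ends outside the hunk.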
