iliaa Wed Jul 6 22:17:21 2005 EDT Modified files: /php-src/ext/pdo_pgsql pgsql_driver.c Log: Leave it up to the user to decide if to escape the sequence name or not. http://cvs.php.net/diff.php/php-src/ext/pdo_pgsql/pgsql_driver.c?r1=1.47&r2=1.48&ty=u
Index: php-src/ext/pdo_pgsql/pgsql_driver.c
diff -u php-src/ext/pdo_pgsql/pgsql_driver.c:1.47 php-src/ext/pdo_pgsql/pgsql_driver.c:1.48
--- php-src/ext/pdo_pgsql/pgsql_driver.c:1.47 Wed Jul 6 20:52:19 2005
+++ php-src/ext/pdo_pgsql/pgsql_driver.c Wed Jul 6 22:17:20 2005
@@ -16,7 +16,7 @@
 +----------------------------------------------------------------------+
 */

-/* $Id: pgsql_driver.c,v 1.47 2005/07/07 00:52:19 iliaa Exp $ */
+/* $Id: pgsql_driver.c,v 1.48 2005/07/07 02:17:20 iliaa Exp $ */

 #ifdef HAVE_CONFIG_H
 #include "config.h"
@@ -213,11 +213,6 @@
 char *q;
 ExecStatusType status;

- /* SQL injection protection */
- if (strchr(name, '\'')) {
- return NULL;
- }
-
 spprintf(&q, sizeof("SELECT CURRVAL('')") + strlen(name), "SELECT CURRVAL('%s')", name);
 res = PQexec(H->server, q);
 efree(q);
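Review bot: With the quote check removed in the second hunk, `name` is formatted verbatim into the single-quoted literal of `"SELECT CURRVAL('%s')"`, so a sequence name that an application derives from request data now reaches PQexec with no escaping at all. If the contract really is that callers pre-escape, state it where the query is built, e.g. `/* name is inserted verbatim; the caller must pass an already-escaped sequence name */`, and repeat it in the user-facing documentation of the method. A safer default would be to pass `name` through libpq's `PQescapeString` before the spprintf, which handles names containing a quote correctly instead of rejecting them and does not depend on every caller remembering to escape. The enclosing function starts and ends outside this hunk, so how a NULL `name` or a failed `res` is handled cannot be checked from here.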