Hi Ilia,

Would you please revert this change?
Saving one malloc/free in a function that has to query DB server anyway is not going to give you much performance improvement, while other methods are not portable across different PostgreSQL versions.

Edin

On Thursday 07 July 2005 02:52, Ilia Alshanetsky wrote:
> iliaa Wed Jul 6 20:52:20 2005 EDT > > Modified files: > /php-src/ext/pdo_pgsql pgsql_driver.c > Log: > Faster sequence id retrieval. > > > > http://cvs.php.net/diff.php/php-src/ext/pdo_pgsql/pgsql_driver.c?r1=1.46&r2 >=1.47&ty=u Index: php-src/ext/pdo_pgsql/pgsql_driver.c > diff -u php-src/ext/pdo_pgsql/pgsql_driver.c:1.46 > php-src/ext/pdo_pgsql/pgsql_driver.c:1.47 --- > php-src/ext/pdo_pgsql/pgsql_driver.c:1.46 Fri Jul 1 18:43:16 2005 +++ > php-src/ext/pdo_pgsql/pgsql_driver.c Wed Jul 6 20:52:19 2005 > @@ -16,7 +16,7 @@ > +----------------------------------------------------------------------+ > */ > > -/* $Id: pgsql_driver.c,v 1.46 2005/07/01 22:43:16 edink Exp $ */ > +/* $Id: pgsql_driver.c,v 1.47 2005/07/07 00:52:19 iliaa Exp $ */ > > #ifdef HAVE_CONFIG_H > #include "config.h" > @@ -210,15 +210,16 @@ > *len = spprintf(&id, 0, "%ld", (long) H->pgoid); > } else { > PGresult *res; > - char *name_escaped, *q; > - size_t l = strlen(name); > + char *q; > ExecStatusType status; > > - name_escaped = safe_emalloc(l, 2, 1); > - PQescapeString(name_escaped, name, l); > - spprintf(&q, 0, "SELECT CURRVAL('%s')", name_escaped); > + /* SQL injection protection */ > + if (strchr(name, '\'')) { > + return NULL; > + } > + > + spprintf(&q, sizeof("SELECT CURRVAL('')") + strlen(name), > "SELECT > CURRVAL('%s')", name); res = PQexec(H->server, q); > - efree(name_escaped); > efree(q); > status = PQresultStatus(res);
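Review bot: In the second hunk (@@ -210,15 +210,16 @@), the new `if (strchr(name, '\''))` test rejects only a single quote before `name` is formatted unescaped into `SELECT CURRVAL('%s')`, so it is a one-character blacklist standing in for the removed `PQescapeString(name_escaped, name, l)` call. PQescapeString also escapes backslashes, which the new check does not look at, and whether a backslash is significant inside a quoted literal depends on the server, so the hand-rolled filter is narrower than what it replaces; I would keep the library escape and accept the one allocation. Two smaller points on the same hunk: the `return NULL` path sets no driver error in the visible lines, so a caller cannot tell a rejected sequence name from any other failure, and the length argument `sizeof("SELECT CURRVAL('')") + strlen(name)` is a hand-computed bound that has to be kept in sync with the format string, where the previous `0` left sizing to spprintf.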