While the PostgreSQL backend is not known to be in use anywhere we were
using an older escaping function (PQescapeString) which does not have
knowledge of the connection character encoding and so has potential
problems. Switch to using PQescapeStringConn, which does have this
knowledge.
newsearch = malloc(strlen(search) * 2 + 1);
memset(newsearch, 0, strlen(search) * 2 + 1);
newsearch = malloc(strlen(search) * 2 + 1);
memset(newsearch, 0, strlen(search) * 2 + 1);
- PQescapeString(newsearch, search, strlen(search));
+ PQescapeStringConn(dbconn, newsearch, search, strlen(search), NULL);
snprintf(statement, 1023,
"SELECT DISTINCT onak_keys.keydata FROM onak_keys, "
"onak_uids WHERE onak_keys.keyid = onak_uids.keyid "
snprintf(statement, 1023,
"SELECT DISTINCT onak_keys.keydata FROM onak_keys, "
"onak_uids WHERE onak_keys.keyid = onak_uids.keyid "
safeuid = malloc(strlen(uids[i]) * 2 + 1);
if (safeuid != NULL) {
memset(safeuid, 0, strlen(uids[i]) * 2 + 1);
safeuid = malloc(strlen(uids[i]) * 2 + 1);
if (safeuid != NULL) {
memset(safeuid, 0, strlen(uids[i]) * 2 + 1);
- PQescapeString(safeuid, uids[i],
- strlen(uids[i]));
+ PQescapeStringConn(dbconn, safeuid, uids[i],
+ strlen(uids[i]), NULL);
snprintf(statement, 1023,
"INSERT INTO onak_uids "
snprintf(statement, 1023,
"INSERT INTO onak_uids "
projects / onak.git / commitdiff