Leave it up to the user to decide if to escape the sequence name or not.
authorIlia Alshanetsky <iliaa@php.net>
Thu, 7 Jul 2005 02:17:20 +0000 (02:17 +0000)
committerIlia Alshanetsky <iliaa@php.net>
Thu, 7 Jul 2005 02:17:20 +0000 (02:17 +0000)
ext/pdo_pgsql/pgsql_driver.c

index 4f7bd2eceb599654a815de9d9f684c3a48c22d45..5dde6f251184f05ae018fcc52ad97efa9099a827 100644 (file)
@@ -213,11 +213,6 @@ static char *pdo_pgsql_last_insert_id(pdo_dbh_t *dbh, const char *name, unsigned
                char *q;
                ExecStatusType status;
 
-               /* SQL injection protection */
-               if (strchr(name, '\'')) {
-                       return NULL;
-               }
-
                spprintf(&q, sizeof("SELECT CURRVAL('')") + strlen(name), "SELECT CURRVAL('%s')", name);
                res = PQexec(H->server, q);
                efree(q);
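Review bot: With the quote check gone, `name` is formatted into the `'%s'` literal of `SELECT CURRVAL('%s')` with no escaping or rejection. A sequence name that contains a single quote therefore closes the literal early, and the rest of the string is parsed as SQL by `PQexec`; nothing in the function tells callers that this responsibility is now theirs. Binding the value avoids the question of who escapes and drops the `spprintf`/`efree` pair: `res = PQexecParams(H->server, "SELECT CURRVAL($1)", 1, NULL, &name, NULL, NULL, 0);`. If bound parameters cannot be used here (they need a protocol 3.0 server, as far as I know), escape `name` with `PQescapeString` into a scratch buffer before formatting, or at least state the contract in place of the removed comment, e.g. `/* name is inserted verbatim; the caller must escape it */`. The body of `pdo_pgsql_last_insert_id` starts and ends outside this hunk, so any handling of `name` elsewhere in the function is not visible here.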