From: Ilia Alshanetsky Date: Thu, 7 Jul 2005 02:17:20 +0000 (+0000) Subject: Leave it up to the user to decide if to escape the sequence name or not. X-Git-Tag: php-5.1.0b3~158 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=10e1eecf3fc40fc67ee0a402898a1accf6d16061;p=php Leave it up to the user to decide if to escape the sequence name or not. --- diff --git a/ext/pdo_pgsql/pgsql_driver.c b/ext/pdo_pgsql/pgsql_driver.c index 4f7bd2eceb..5dde6f2511 100644 --- a/ext/pdo_pgsql/pgsql_driver.c +++ b/ext/pdo_pgsql/pgsql_driver.c @@ -213,11 +213,6 @@ static char *pdo_pgsql_last_insert_id(pdo_dbh_t *dbh, const char *name, unsigned char *q; ExecStatusType status; - /* SQL injection protection */ - if (strchr(name, '\'')) { - return NULL; - } - spprintf(&q, sizeof("SELECT CURRVAL('')") + strlen(name), "SELECT CURRVAL('%s')", name); res = PQexec(H->server, q); efree(q);