From: Ilia Alshanetsky <iliaa@php.net>
Date: Thu, 7 Jul 2005 00:52:19 +0000 (+0000)
Subject: Faster sequence id retrieval.
X-Git-Tag: php-5.1.0b3~159
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=bcb447f6b83c7fe3758aa6e6ba5f42705a728aac;p=php

Faster sequence id retrieval.
---

diff --git a/ext/pdo_pgsql/pgsql_driver.c b/ext/pdo_pgsql/pgsql_driver.c
index 9fe78dad2a..4f7bd2eceb 100644
--- a/ext/pdo_pgsql/pgsql_driver.c
+++ b/ext/pdo_pgsql/pgsql_driver.c
@@ -210,15 +210,16 @@ static char *pdo_pgsql_last_insert_id(pdo_dbh_t *dbh, const char *name, unsigned
 		*len = spprintf(&id, 0, "%ld", (long) H->pgoid);
 	} else {
 		PGresult *res;
-		char *name_escaped, *q;
-		size_t l = strlen(name);
+		char *q;
 		ExecStatusType status;
 
-		name_escaped = safe_emalloc(l, 2, 1);
-		PQescapeString(name_escaped, name, l);
-		spprintf(&q, 0, "SELECT CURRVAL('%s')", name_escaped);
+		/* SQL injection protection */
+		if (strchr(name, '\'')) {
+			return NULL;
+		}
+
+		spprintf(&q, sizeof("SELECT CURRVAL('')") + strlen(name), "SELECT CURRVAL('%s')", name);
 		res = PQexec(H->server, q);
-		efree(name_escaped);
 		efree(q);
 		status = PQresultStatus(res);