From cebbaa1d5d2729c1b9dde0b472b4b034ef2f44b0 Mon Sep 17 00:00:00 2001 From: Bruce Momjian Date: Sun, 13 Feb 2011 00:17:55 -0500 Subject: [PATCH] Back out libpq doc change; not ready yet. --- doc/src/sgml/libpq.sgml | 46 +++++++++++++++++++++-------------- doc/src/sgml/release-9.0.sgml | 3 +-- 2 files changed, 29 insertions(+), 20 deletions(-) diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml index 2d15e78fd0..7131fb4ce6 100644 --- a/doc/src/sgml/libpq.sgml +++ b/doc/src/sgml/libpq.sgml @@ -3385,17 +3385,15 @@ size_t PQescapeStringConn(PGconn *conn, - PQescapeString is an older, deprecated version of - PQescapeStringConn. size_t PQescapeString (char *to, const char *from, size_t length); - The only difference from PQescapeStringConn is that - PQescapeString does not take PGconn - or error parameters. + PQescapeString is an older, deprecated version of + PQescapeStringConn; the difference is that it does + not take conn or error parameters. Because of this, it cannot adjust its behavior depending on the connection properties (such as character encoding) and therefore it might give the wrong results. Also, it has no way @@ -3403,7 +3401,7 @@ size_t PQescapeString (char *to, const char *from, size_t length); - PQescapeString can be used safely in + PQescapeString can be used safely in single-threaded client programs that work with only one PostgreSQL connection at a time (in this case it can find out what it needs to know behind the scenes). In other contexts it is a security @@ -3435,11 +3433,16 @@ unsigned char *PQescapeByteaConn(PGconn *conn, - Certain byte values must be escaped when used as part of a - bytea literal in an SQL statement. - PQescapeByteaConn escapes bytes using - either hex encoding or backslash escaping. See for more information. + Certain byte values must be escaped (but all + byte values can be escaped) when used as part + of a bytea literal in an SQL + statement. In general, to escape a byte, it is converted into the + three digit octal number equal to the octet value, and preceded by + usually two backslashes. The single quote (') and backslash + (\) characters have special alternative escape + sequences. See for more + information. PQescapeByteaConn performs this + operation, escaping only the minimally required bytes. @@ -3496,13 +3499,20 @@ unsigned char *PQescapeBytea(const unsigned char *from, The only difference from PQescapeByteaConn is that PQescapeBytea does not take a PGconn - parameter. Because of this, PQescapeBytea can - only be used safely in client programs that use a single - PostgreSQL connection at a time (in this case - it can find out what it needs to know behind the - scenes). It might give the wrong results if - used in programs that use multiple database connections (use - PQescapeByteaConn in such cases). + parameter. Because of this, it cannot adjust its behavior + depending on the connection properties (in particular, whether + standard-conforming strings are enabled) and therefore + it might give the wrong results. Also, it has no + way to return an error message on failure. + + + + PQescapeBytea can be used safely in single-threaded + client programs that work with only one PostgreSQL + connection at a time (in this case it can find out what it needs + to know behind the scenes). In other contexts it is + a security hazard and should be avoided in favor of + PQescapeByteaConn. diff --git a/doc/src/sgml/release-9.0.sgml b/doc/src/sgml/release-9.0.sgml index f33ceea226..4902c058a9 100644 --- a/doc/src/sgml/release-9.0.sgml +++ b/doc/src/sgml/release-9.0.sgml @@ -2342,8 +2342,7 @@ whether hex or traditional format is used for bytea output. Libpq's PQescapeByteaConn() function automatically uses the hex format when connected to PostgreSQL 9.0 - or newer servers. However, pre-9.0 libpq versions will not - correctly process hex format from newer servers. + or newer servers. -- 2.50.0