Hi,

Thanks for the comments.

2011/11/22 Rafael Kassner <kass...@gmail.com>:
> I've ported everything
> to UTF-8 (this included rewriting an 8-year-old application). I guess
> this is a good implementation, considering that many people still use
> old PostgreSQL versions.

I think so, too. A database server's (and its code's) life is very long.

> About pg_escape_identifier, does this fix an old problem when we use some
> reserved column names, like "login"?

Any words (valid chars) can be used with pg_escape_identifier().

2011/11/23 Daniel Convissor <dani...@analysisandsolutions.com>:
> Regarding pg_escape_literal(), which implements PQescapeLiteral, it is
> very similar to PHP's pg_escape_string(), implementing
> PQescapeStringConn.  What is the benefit of adding this new function?

pg_escape_literal() does basically the same thing as
pg_escape_string(), except it does more strict escaping (e.g.
E'escaped string') and it adds quotes around the string automatically. We
can think of it as a fool-safe escape function.

The following link is the example code. I tested with PostgreSQL 8.4 and its libpq.

https://gist.github.com/1387033

I think these functions are very useful for securing PHP applications
using PostgreSQL, especially applications that need to use DDL. Are
there any objections or comments on committing it to trunk? If not, I'll
commit it to trunk.

It's a nice-to-have feature for PHP 5.4. It's purely an addition to
the pgsql module. Therefore, it has no side effects on existing features.
5.4.0 is in RC, but it may be ok for PHP 5.4.1, I guess.

--
Yasuo Ohgaki
yohg...@ohgaki.net

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
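
The difference between the three functions discussed in this message, as an added example that is not part of the original mail and is not PHP or libpq code: a Python model of the quoting rules of libpq's PQescapeStringConn, PQescapeLiteral and PQescapeIdentifier. The function names and sample values are constructed, and the multibyte-encoding validation that libpq performs is assumed away.

```python
# Model of the libpq quoting rules behind the three PHP functions.
# Assumption: input is already valid in the connection's encoding; real code
# must call the libpq-backed functions, which also check that.

def escape_string(s, standard_conforming_strings=True):
    """Model of PQescapeStringConn / pg_escape_string(): no quotes added."""
    out = []
    for ch in s:
        # A backslash is doubled only when the server treats it as an escape.
        if ch == "'" or (ch == "\\" and not standard_conforming_strings):
            out.append(ch)
        out.append(ch)
    return "".join(out)

def escape_literal(s):
    """Model of PQescapeLiteral / pg_escape_literal(): a complete literal."""
    body = s.replace("\\", "\\\\").replace("'", "''")
    # With a backslash present libpq emits " E'...'", which parses the same
    # under either standard_conforming_strings setting.
    prefix = " E" if "\\" in s else ""
    return f"{prefix}'{body}'"

def escape_identifier(s):
    """Model of PQescapeIdentifier / pg_escape_identifier()."""
    return '"' + s.replace('"', '""') + '"'

def build_rename(table, new_name):
    """Names in DDL cannot be bound parameters, so quote each identifier."""
    return (f"ALTER TABLE {escape_identifier(table)} "
            f"RENAME TO {escape_identifier(new_name)}")

if __name__ == "__main__":
    value = "O'Reilly \\ co"  # constructed sample input
    # With the string variant the caller must remember the surrounding quotes.
    print("string :", "'" + escape_string(value) + "'")
    print("literal:", escape_literal(value))
    print("ident  :", escape_identifier("login"))
    print("ddl    :", build_rename("user", 'odd"name'))
```
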
