| author | Ilia Alshanetsky <iliaa@php.net> | 2005-07-07 02:17:20 +0000 |
|---|---|---|
| committer | Ilia Alshanetsky <iliaa@php.net> | 2005-07-07 02:17:20 +0000 |
| commit | 10e1eecf3fc40fc67ee0a402898a1accf6d16061 (patch) | |
| tree | 6d60991aaeef04a75ebc6b3b864073c3dba073e0 /ext/pdo_pgsql/pgsql_driver.c | |
| parent | bcb447f6b83c7fe3758aa6e6ba5f42705a728aac (diff) | |
| download | php-git-10e1eecf3fc40fc67ee0a402898a1accf6d16061.tar.gz | |
Leave it up to the user to decide whether or not to escape the sequence name.
Diffstat (limited to 'ext/pdo_pgsql/pgsql_driver.c')
| -rw-r--r-- | ext/pdo_pgsql/pgsql_driver.c | 5 |
1 files changed, 0 insertions, 5 deletions
diff --git a/ext/pdo_pgsql/pgsql_driver.c b/ext/pdo_pgsql/pgsql_driver.c
index 4f7bd2eceb..5dde6f2511 100644
--- a/ext/pdo_pgsql/pgsql_driver.c
+++ b/ext/pdo_pgsql/pgsql_driver.c
@@ -213,11 +213,6 @@ static char *pdo_pgsql_last_insert_id(pdo_dbh_t *dbh, const char *name, unsigned
 char *q;
 ExecStatusType status;
- /* SQL injection protection */
- if (strchr(name, '\'')) {
- return NULL;
- }
-
 spprintf(&q, sizeof("SELECT CURRVAL('')") + strlen(name), "SELECT CURRVAL('%s')", name);
 res = PQexec(H->server, q);
 efree(q); |
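Review bot: With the quote check removed, `name` is formatted unescaped into `"SELECT CURRVAL('%s')"` by `spprintf`, so a sequence name containing a single quote ends the string literal and the rest reaches the server as SQL through `PQexec`. If the goal is to accept names that legitimately contain quotes, binding the value keeps that flexibility without making the caller responsible for escaping, e.g. `res = PQexecParams(H->server, "SELECT CURRVAL($1)", 1, NULL, &name, NULL, NULL, 0);` where the linked libpq provides it, or escape the name with `PQescapeString` before formatting. If the unescaped behaviour is kept, the contract should at least be stated at the call site, for example `/* name is inserted into the query unescaped; callers must escape untrusted input */`. The body of pdo_pgsql_last_insert_id starts and ends outside this hunk, so whether `name` is validated elsewhere cannot be seen here.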
