Hello all, I am currently adding array value handling to the PostgreSQL interface for the Chicken Scheme compiler[*] and I was wondering if there's a more detailed documentation for the exact syntax of arrays than the short natural language explanation in the manual. There doesn't appear to be a helper function in libpq to escape (and unescape) string values for use inside array values and I'm concerned that my homebrew procedures might not be foolproof. If I understand correctly, the connection's character encoding is also used to determine how strings sent by "PQsendQueryParams parameters" (I don't know if there's an unambiguous name for those) are parsed, and it is conceivable that either through bogus or malicous input a multibyte array string could be wrongly escaped, which means one array value could "break out" of its proper position in the array, resulting in an array of different length or contents than intended. IMHO, it would be a Good Thing to have helper procedures in libpq. That would fix the problem once and for all in one place. I briefly considered "abusing" the PQescapeIdentifier procedure for escaping since the syntax for literals inside arrays seems to be exactly like that of SQL identifiers, but I'm not 100% sure about that and I also think the PQescapeIdentifier procedure shouldn't be overloaded for this purpose. Cheers, Peter [*] http://chicken.wiki.br/eggref/4/postgresql -- http://sjamaan.ath.cx -- "The process of preparing programs for a digital computer is especially attractive, not only because it can be economically and scientifically rewarding, but also because it can be an aesthetic experience much like composing poetry or music." -- Donald Knuth -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
