surabhi.ahuja wrote:
My appliaction is in C++
and i am getting char* ..s which i need to insert into the
table...and for insert i am calling a stored procedure.
But i need to form the call to the stored procedure with the above
char*s as the argument.
Fine - just make sure you validate your data and format it properly.
If you are expecting an integer and a text field then check that the
first is a valid integer and escape any single quotes in the text-field.
Then you can build your query as you are at the moment.
I'm afraid I don't know much about the libpqxx C++ library, but it must
have facilities to escape quotes etc.
--
Richard Huxton
Archonet Ltd
---------------------------(end of broadcast)---------------------------
TIP 4: Have you searched our list archives?
http://archives.postgresql.org
