From a401226bd8749c915bf275b30eb9a06f49a529d2 Mon Sep 17 00:00:00 2001
From: Peter Eisentraut <peter_e@gmx.net>
Date: Thu, 18 Mar 2010 19:43:03 +0000
Subject: Prevent the injection of invalidly encoded strings by PL/Python into
 PostgreSQL with a few strategically placed pg_verifymbstr calls.

---
 doc/src/sgml/plpython.sgml | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

(limited to 'doc/src')

diff --git a/doc/src/sgml/plpython.sgml b/doc/src/sgml/plpython.sgml
index e8e55a39a5f..a82c0f39b63 100644
--- a/doc/src/sgml/plpython.sgml
+++ b/doc/src/sgml/plpython.sgml
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/plpython.sgml,v 1.45 2010/03/13 20:55:05 petere Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/plpython.sgml,v 1.46 2010/03/18 19:43:03 petere Exp $ -->
 
 <chapter id="plpython">
  <title>PL/Python - Python Procedural Language</title>
@@ -340,6 +340,17 @@ $$ LANGUAGE plpythonu;
        builtin <literal>str</literal>, and the result is passed to the
        input function of the PostgreSQL data type.
       </para>
+
+      <para>
+       Strings in Python 2 are required to be in the PostgreSQL server
+       encoding when they are passed to PostgreSQL.  Strings that are
+       not valid in the current server encoding will raise an error,
+       but not all encoding mismatches can be detected, so garbage
+       data can still result when this is not done correctly.  Unicode
+       strings are converted to the correct encoding automatically, so
+       it can be safer and more convenient to use those.  In Python 3,
+       all strings are Unicode strings.
+      </para>
      </listitem>
 
      <listitem>
-- 
cgit v1.2.3