diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
index 2d15e78fd08..7131fb4ce62 100644
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -3385,17 +3385,15 @@ size_t PQescapeStringConn(PGconn *conn,
- PQescapeString is an older, deprecated version of
- PQescapeStringConn.
size_t PQescapeString (char *to, const char *from, size_t length);
- The only difference from PQescapeStringConn is that
- PQescapeString does not take PGconn
- or error parameters.
+ PQescapeString is an older, deprecated version of
+ PQescapeStringConn; the difference is that it does
+ not take conn or error parameters.
Because of this, it cannot adjust its behavior depending on the
connection properties (such as character encoding) and therefore
it might give the wrong results. Also, it has no way
@@ -3403,7 +3401,7 @@ size_t PQescapeString (char *to, const char *from, size_t length);
- PQescapeString can be used safely in
+ PQescapeString can be used safely in single-threaded
client programs that work with only one PostgreSQL
connection at a time (in this case it can find out what it needs to
know behind the scenes). In other contexts it is a security
@@ -3435,11 +3433,16 @@ unsigned char *PQescapeByteaConn(PGconn *conn,
- Certain byte values must be escaped when used as part of a
- bytea literal in an SQL statement.
- PQescapeByteaConn escapes bytes using
- either hex encoding or backslash escaping. See for more information.
+ Certain byte values must be escaped (but all
+ byte values can be escaped) when used as part
+ of a bytea literal in an SQL
+ statement. In general, to escape a byte, it is converted into the
+ three digit octal number equal to the octet value, and preceded by
+ usually two backslashes. The single quote (') and backslash
+ (\) characters have special alternative escape
+ sequences. See for more
+ information. PQescapeByteaConn performs this
+ operation, escaping only the minimally required bytes.
@@ -3496,13 +3499,20 @@ unsigned char *PQescapeBytea(const unsigned char *from,
The only difference from PQescapeByteaConn is that
PQescapeBytea does not take a PGconn
- parameter. Because of this, PQescapeBytea can
- only be used safely in client programs that use a single
- PostgreSQL connection at a time (in this case
- it can find out what it needs to know behind the
- scenes). It might give the wrong results if
- used in programs that use multiple database connections (use
- PQescapeByteaConn in such cases).
+ parameter. Because of this, it cannot adjust its behavior
+ depending on the connection properties (in particular, whether
+ standard-conforming strings are enabled) and therefore
+ it might give the wrong results. Also, it has no
+ way to return an error message on failure.
+
+
+
+ PQescapeBytea can be used safely in single-threaded
+ client programs that work with only one PostgreSQL
+ connection at a time (in this case it can find out what it needs
+ to know behind the scenes). In other contexts it is
+ a security hazard and should be avoided in favor of
+ PQescapeByteaConn.
diff --git a/doc/src/sgml/release-9.0.sgml b/doc/src/sgml/release-9.0.sgml
index f33ceea2264..4902c058a96 100644
--- a/doc/src/sgml/release-9.0.sgml
+++ b/doc/src/sgml/release-9.0.sgml
@@ -2342,8 +2342,7 @@
whether hex or traditional format is used for bytea
output. Libpq's PQescapeByteaConn() function automatically
uses the hex format when connected to PostgreSQL 9.0
- or newer servers. However, pre-9.0 libpq versions will not
- correctly process hex format from newer servers.
+ or newer servers.