From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
---|---|
To: | Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Alvaro Herrera <alvherre(at)commandprompt(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: quoting psql varible as identifier |
Date: | 2010-01-16 18:47:45 |
Message-ID: | 603c8f071001161047m72891cb3p7cc5cd02e1647a77@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Thu, Jan 14, 2010 at 8:46 PM, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
> I have yet to fully review the code but on a quick glance it looks reasonable.
On further review, it looks less reasonable. :-(
The new PQescapeIdentConn function is basically a cut-up version of
PQescapeStringInternal, which seems like a reasonable foundation, but
it rips out a little too much - specifically:
1. the length argument,
2. the size_t return value,
3. the portion of the handling for incomplete multibyte characters
that prevents us from overrunning the output buffer on a maliciously
constructed (or unlucky) input string, and
4. some relevant comments.
I'm inclined to think we should put all of that stuff back, but
certainly #3 at a minimum.
...Robert
From | Date | Subject | |
---|---|---|---|
Next Message | Erik Rijkers | 2010-01-16 18:54:33 | Re: review: More frame options in window functions |
Previous Message | Simon Riggs | 2010-01-16 18:20:37 | Re: Hot Standby and handling max_standby_delay |