Re: patch (for 9.1) string functions

From: Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>
To: Itagaki Takahiro <itagaki(dot)takahiro(at)gmail(dot)com>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, Takahiro Itagaki <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, Merlin Moncure <mmoncure(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>, Erik Rijkers <er(at)xs4all(dot)nl>
Subject: Re: patch (for 9.1) string functions
Date: 2010-07-24 15:17:33
Message-ID: AANLkTi=qb5G4HwkagzWo4Yvbs_6-d07G79tFE6=bVoQC@mail.gmail.com
Lists: pgsql-hackers
Hello

2010/7/23 Itagaki Takahiro <itagaki(dot)takahiro(at)gmail(dot)com>:
> I'm reviewing contrib part of the string functions patch.
>
> I found an issue in sprintf() to print integer values. In this case,
> 'l' (for long type) is used on *all* platforms. For example,
>  SELECT sprintf('%d', 10);
> internally uses
>  appendStringInfo('%ld', (int64) 10)
>
> But there are some platforms that require %lld for int64 format, probably
> on Windows. That's why we have the INT64_FORMAT macro. sprintf() needs to be
> adjusted to use INT64_FORMAT or similar portable code.
>

fixed - it depends on INT64_FORMAT now.

> The other portions of the patch seem to be OK to me,
> unless you still have some idea to extend the feature.
>
> 2010/7/17 Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>:
>> I have one idea for a nonstandard enhancement of sprintf - a relatively
>> frequent job is quoting in PostgreSQL. So sprintf should have special formats
>> for quoted values. What do you think about
>>
>> %lq ... literal quoted
>> %iq ... ident quoted
>
> They save some keystrokes when writing quote_literal() and quote_ident(), right?
> They seem to be useful and reasonable to me. One comment is that you might
> want to print NULL values as "NULL" instead of "<NULL>" in such cases.
>

NULL is shown as NULL for literal quoting, and when ident quoting is
used, an exception is raised.

Maybe the last rule is too hard, but it should be a protection against SQL
injection via malformed SQL.

Regards

Pavel

> --
> Itagaki Takahiro
>

Attachment: stringfunc.diff
Description: text/x-patch (41.0 KB)
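
The NULL rule described in this message, as an added example that is not part of the original mail or of stringfunc.diff: `format_sql` and `put_quoted` are hypothetical names, every argument is a C string, and only `%lq` and `%iq` are expanded. The quoting is simplified (identifiers are always quoted, backslashes in literals get no special treatment), which is an assumption of this sketch and not the behaviour of quote_ident() or quote_literal().

```c
#include <stddef.h>
#include <string.h>

/* Append s wrapped in quote character q, doubling every embedded q (the SQL
 * rule for both '...' literals and "..." identifiers). Simplified: assumes
 * backslashes need no escaping. Returns the new length, or (size_t)-1 when
 * out is too small. */
static size_t put_quoted(char *out, size_t len, size_t cap, const char *s, char q)
{
    if (len + 3 > cap) return (size_t)-1;        /* open + close + NUL */
    out[len++] = q;
    for (; *s; s++) {
        if (len + 4 > cap) return (size_t)-1;    /* 2 chars + close + NUL */
        if (*s == q) out[len++] = q;
        out[len++] = *s;
    }
    out[len++] = q;
    return len;
}

/* Hypothetical formatter. Returns 0 on success, -1 when %iq receives NULL,
 * -2 when arguments run out or the output buffer is too small. */
int format_sql(char *out, size_t cap, const char *fmt, const char **args, size_t nargs)
{
    size_t len = 0, next = 0;
    if (cap == 0) return -2;
    while (*fmt) {
        if (fmt[0] == '%' && (fmt[1] == 'l' || fmt[1] == 'i') && fmt[2] == 'q') {
            if (next >= nargs) return -2;
            const char *arg = args[next++];
            /* A NULL identifier has no valid SQL spelling: fail, never emit. */
            if (arg == NULL && fmt[1] == 'i') return -1;
            if (arg == NULL) {                   /* literal NULL stays unquoted */
                if (len + 5 > cap) return -2;
                memcpy(out + len, "NULL", 4);
                len += 4;
            } else {
                len = put_quoted(out, len, cap, arg, fmt[1] == 'l' ? '\'' : '"');
                if (len == (size_t)-1) return -2;
            }
            fmt += 3;
        } else {
            if (len + 2 > cap) return -2;        /* 1 char + NUL */
            out[len++] = *fmt++;
        }
    }
    out[len] = '\0';
    return 0;
}
```

A caller must treat any nonzero return as a hard failure and discard the buffer, since it may hold a partially built statement.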
