Skip site navigation (1) Skip section navigation (2)

Re: Re: Escaping strings for inclusion into SQL queries

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Florian Weimer <Florian(dot)Weimer(at)RUS(dot)Uni-Stuttgart(dot)DE>
Cc: PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Re: Escaping strings for inclusion into SQL queries
Date: 2001-09-03 22:17:51
Message-ID: Pine.LNX.4.30.0109040016270.4304-100000@peter.localdomain (view raw or flat)
Thread:
Lists: pgsql-hackers
Florian Weimer writes:

> In addition, there seems to be a bug in the treatment of "" escapes in
> identifiers. 'SELECT """";' yields the error message 'Attribute '""'
> not found ' (not '"'!) or even 'Attribute '""\' not found', depending
> on the queries executed before.

A bug indeed.

RCS file: /home/projects/pgsql/cvsroot/pgsql/src/backend/parser/scan.l,v
retrieving revision 1.88
diff -u -r1.88 scan.l
--- scan.l      2001/03/22 17:41:47     1.88
+++ scan.l      2001/09/03 22:11:46
@@ -375,7 +375,7 @@
                                        return IDENT;
                                }
 <xd>{xddouble} {
-                                       addlit(yytext, yyleng-1);
+                                       addlit(yytext+1, yyleng-1);
                                }
 <xd>{xdinside} {
                                        addlit(yytext, yyleng);
===end

-- 
Peter Eisentraut   peter_e(at)gmx(dot)net   http://funkturm.homeip.net/~peter


In response to

Responses

pgsql-hackers by date

Next:From: James ThorntonDate: 2001-09-03 23:02:47
Subject: Postgres is eating my CPU
Previous:From: Oliver ElphickDate: 2001-09-03 22:11:54
Subject: Re: Conditional operators ALL, ANY in WHERE clause

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group