Quick Links

Re: PQescapeIdentifier

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Christopher Kings-Lynne <chris(dot)kings-lynne(at)calorieking(dot)com>
Cc:	Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject:	Re: PQescapeIdentifier
Date:	2006-05-31 03:08:38
Message-ID:	5991.1149044918@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Christopher Kings-Lynne <chris(dot)kings-lynne(at)calorieking(dot)com> writes:
> Here's a question. I wish to add a function to libpq to escape
> PostgreSQL identifiers. Will this function be subject to the same
> security/encoding issues as PQescapeString?

Is this of any general-purpose use? How many apps are really prepared
to let an untrusted user dictate which columns are selected/compared?

But to answer your question, yes, I can certainly imagine
encoding-related risks...

regards, tom lane

In response to

PQescapeIdentifier at 2006-05-31 02:50:24 from Christopher Kings-Lynne

Responses

Re: PQescapeIdentifier at 2006-05-31 03:15:58 from Christopher Kings-Lynne

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Christopher Kings-Lynne	2006-05-31 03:15:58	Re: PQescapeIdentifier
Previous Message	Christopher Kings-Lynne	2006-05-31 02:50:24	PQescapeIdentifier