Re: Re: Escaping strings for inclusion into SQL queries

From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Florian Weimer <Florian(dot)Weimer(at)RUS(dot)Uni-Stuttgart(dot)DE>
Cc: PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Re: Escaping strings for inclusion into SQL queries
Date: 2001-09-03 22:17:51
Message-ID: Pine.LNX.4.30.0109040016270.4304-100000@peter.localdomain
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Florian Weimer writes:

> In addition, there seems to be a bug in the treatment of "" escapes in
> identifiers. 'SELECT """";' yields the error message 'Attribute '""'
> not found ' (not '"'!) or even 'Attribute '""\' not found', depending
> on the queries executed before.

A bug indeed.

RCS file: /home/projects/pgsql/cvsroot/pgsql/src/backend/parser/scan.l,v
retrieving revision 1.88
diff -u -r1.88 scan.l
--- scan.l 2001/03/22 17:41:47 1.88
+++ scan.l 2001/09/03 22:11:46
@@ -375,7 +375,7 @@
return IDENT;
}
<xd>{xddouble} {
- addlit(yytext, yyleng-1);
+ addlit(yytext+1, yyleng-1);
}
<xd>{xdinside} {
addlit(yytext, yyleng);
===end

--
Peter Eisentraut peter_e(at)gmx(dot)net http://funkturm.homeip.net/~peter

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message James Thornton 2001-09-03 23:02:47 Postgres is eating my CPU
Previous Message Oliver Elphick 2001-09-03 22:11:54 Re: Conditional operators ALL, ANY in WHERE clause