| From: | Alex Guo <guo(dot)alex(dot)hengchen(at)gmail(dot)com> |
|---|---|
| To: | Ayush Tiwari <ayushtiwari(dot)slg01(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Cc: | efujita(at)postgresql(dot)org |
| Subject: | Re: [PATCH] Fix column name escaping in postgres_fdw stats import |
| Date: | 2026-04-21 06:12:24 |
| Message-ID: | f3ed5fd7-40c0-42d4-a17d-7b417b5d270e@gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 4/21/26 4:43 AM, Ayush Tiwari wrote:
> Hi hackers,
>
> The new statistics import feature in postgres_fdw (commit 28972b6fc3d)
> builds a remote query to fetch pg_stats rows, filtering by column name
> with:
>
> AND attname = ANY('{col1, col2}'::text[])
>
> The column names are formatted with quote_identifier(), which only
> escapes double quotes. But since the list is embedded inside a
> single-quoted string literal, any single quote in a column name
> breaks the literal and produces a syntax error on the remote server.
>
> Reproduction:
>
> CREATE TABLE t ("col'quote" int, c2 int);
> INSERT INTO t SELECT g, g FROM generate_series(1,100) g;
> ANALYZE t;
>
> CREATE FOREIGN TABLE ft ("col'quote" int, c2 int)
> SERVER loopback OPTIONS (table_name 't', restore_stats 'true');
>
> ANALYZE ft;
> -- ERROR: syntax error at or near "quote"
> -- CONTEXT: remote SQL command: ... attname = ANY('{...
> "col'quote"}'::text[])
>
> The attached patch switches to an ARRAY[] constructor with each
> element escaped by deparseStringLiteral(), matching how schemaname
> and tablename are already handled in the same function.
>
> Thoughts?
>
> It should also address the issue that was raised in [1].
>
> [1] PostgreSQL: Fix array-element quoting in postgres_fdw import
> statistics
> <https://www.postgresql.org/message-id/CAHg+QDc9=WtYi=JW6QUL6ASOJc6PcGPTuxoMkhnkQ7oi7j5atg@mail.gmail.com>
>
> Regards,
> Ayush
I think the fix makes sense to me. Here, the column names are emitted as
string content, thus deparseStringLiteral() is a better fit. A small
comment on the test:
+ANALYZE VERBOSE simport_ft_quote; -- should work, not syntax error
VERBOSE seems not needed.
Regards, Alex Guo
| From | Date | Subject | |
|---|---|---|---|
| Next Message | jian he | 2026-04-21 06:25:06 | Re: SQL:2011 Application Time Update & Delete |
| Previous Message | a.kozhemyakin | 2026-04-21 06:10:07 | Re: Add \pset options for boolean value display |