Re: PG do not accept quoted names for tables/columns
| От | Andrew McMillan |
|---|---|
| Тема | Re: PG do not accept quoted names for tables/columns |
| Дата | |
| Msg-id | 1044560560.2939.23.camel@kant.mcmillan.net.nz обсуждение исходный текст |
| Ответ на | PG do not accept quoted names for tables/columns (Yaniv Hamo <hamo@cs.Technion.AC.IL>) |
| Список | pgsql-bugs |
On Thu, 2003-02-06 at 22:26, Yaniv Hamo wrote:
> Hi,
> I noticed that Postgres issues a fatal error when given a quoted name of
> table or column. This is a problem in secured cgi scripts, which quote
> everything they get from the user, to avoid malicious users from trying to
> execute SQL commands using some engineered input.
The SQL specification states that you should quote identifiers with
double quotes. Single quotes are used for quoting values:
CREATE TABLE "testtable" ( "test" INT );
PostgreSQL is SQL compliant on this issue.
Regards,
Andrew.
--
---------------------------------------------------------------------
Andrew @ Catalyst .Net.NZ Ltd, PO Box 11-053, Manners St, Wellington
WEB: http://catalyst.net.nz/ PHYS: Level 2, 150-154 Willis St
DDI: +64(4)916-7201 MOB: +64(21)635-694 OFFICE: +64(4)499-2267
Survey for nothing with http://survey.net.nz/
---------------------------------------------------------------------
В списке pgsql-bugs по дате отправления: