Re: quoting psql varible as identifier
| От | Pavel Stehule |
|---|---|
| Тема | Re: quoting psql varible as identifier |
| Дата | |
| Msg-id | 162867791001171104y6b5f626et7c0aeae0db01bd54@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: quoting psql varible as identifier (Robert Haas <robertmhaas@gmail.com>) |
| Ответы |
Re: quoting psql varible as identifier
|
| Список | pgsql-hackers |
2010/1/16 Robert Haas <robertmhaas@gmail.com>: > On Thu, Jan 14, 2010 at 8:46 PM, Robert Haas <robertmhaas@gmail.com> wrote: >> I have yet to fully review the code but on a quick glance it looks reasonable. > > On further review, it looks less reasonable. :-( > > The new PQescapeIdentConn function is basically a cut-up version of > PQescapeStringInternal, which seems like a reasonable foundation, but > it rips out a little too much - specifically: > > 1. the length argument, > 2. the size_t return value, > 3. the portion of the handling for incomplete multibyte characters > that prevents us from overrunning the output buffer on a maliciously > constructed (or unlucky) input string, and > 4. some relevant comments. > Yes, I didn't repeat parameter's pattern from PQescapeStringConn, I would to simplify interface but I hasn't problem to modify it to same interface. I rewrote patch so now interface for PQescapeIdentConn is same as PQescapeStringConn @3. I though so the protection under incomplete multibyte chars are enought - missing bytes are replaced by space - like PQescapeStringConn does. But now - mechanism is exactly same, so this problem should be solved. Regards Pavel Stehule > I'm inclined to think we should put all of that stuff back, but > certainly #3 at a minimum. > > ...Robert >
Вложения
В списке pgsql-hackers по дате отправления: