Re: regclass and format('%I')

Поиск
Список
Период
Сортировка
От Tom Lane
Тема Re: regclass and format('%I')
Дата
Msg-id 17367.1426346951@sss.pgh.pa.us
обсуждение исходный текст
Ответ на Re: regclass and format('%I')  (Jason Dusek <jason.dusek@gmail.com>)
Ответы Re: regclass and format('%I')  ("David G. Johnston" <david.g.johnston@gmail.com>)
Список pgsql-general
Jason Dusek <jason.dusek@gmail.com> writes:
> It honestly seems far more reasonable to me that %s and %I should do
> the exact same thing with regclass.

You're mistaken.  The operation of format() is first to convert the
non-format arguments to text strings, using the output functions for their
data types, and then to further process those text strings according to
the format specifiers:

%s -- no additional processing, just insert the string as-is.
%I -- apply double-quoting transformation to create a valid SQL identifier.
%L -- apply single-quoting transformation to create a valid SQL literal.

In the case of regclass, the output string is already double-quoted
as necessary, so applying %I to it produces a doubly double-quoted
string which is almost certainly not what you want.  But it's not
format()'s job to be smarter than the user.  If it tried to avoid
an extra pass of double quoting, it would get some cases wrong,
potentially creating security holes.

            regards, tom lane


В списке pgsql-general по дате отправления:

Предыдущее
От: Francisco Olarte
Дата:
Сообщение: Re: Basic Question on Point In Time Recovery
Следующее
От: "David G. Johnston"
Дата:
Сообщение: Re: regclass and format('%I')