Port Bug Report: parse error not detected on unterminated quote
| От | Unprivileged user |
|---|---|
| Тема | Port Bug Report: parse error not detected on unterminated quote |
| Дата | |
| Msg-id | 199906291746.NAA20468@hub.org обсуждение исходный текст |
| Список | pgsql-ports |
============================================================================
POSTGRESQL BUG REPORT TEMPLATE
============================================================================
Your name : Kyle Bateman
Your email address : kyle@actarg.com
Category : runtime: back-end: SQL
Severity : serious
Summary: parse error not detected on unterminated quote
System Configuration
--------------------
Operating System : Linux Redhat 5.2
PostgreSQL version : 6.5
Compiler used :
Hardware:
---------
Versions of other tools:
------------------------
Linux tao.actarg.com 2.0.36 #3 Tue Apr 6 14:20:35 MDT 1999 i686 unknown
--------------------------------------------------------------------------
Problem Description:
--------------------
If a single quote is left unmatched in the query, the parser
seems to throw away the rest of the line without detecting
an error.
If the quote appears before a where clause, the results can
be disasterous as the whole table might be deleted, updated,
etc.
--------------------------------------------------------------------------
Test Case:
----------
Enter a select like this:
select * from mytable where id = 1234;
You should get only one record.
Now put in an errant single quote:
select * from mytable' where id = 1234;
Now you get the whole table. This should really be a
syntax error of some kind.
If the query is a delete or an update, this can be a nasty
problem.
--------------------------------------------------------------------------
Solution:
---------
I suppose the parser should check at the end of the command
to see if any unterminated quoted material is still pending.
--------------------------------------------------------------------------
В списке pgsql-ports по дате отправления: