>> I thought of that but I assume we were not accepting user-supplied
>> identifiers for this --- that this was only for application use. Am I
>> wrong?
Well, yes the plan was to accept user-supplied identifiers...
> If you insist on a practical example, I can certainly imagine someone
> thinking it'd be cool to allow searches on a user-selected column, and
> implementing that by passing the user-given column name straight into
> the query with only PQescapeIdentifier for safety.
Yes, phpPgAdmin sure would. I imagine this would be a nightmare to
address properly, so perhaps we should remove the function :(