Re: Negative Integers Escaping
From | Daniele Varrazzo |
---|---|
Subject | Re: Negative Integers Escaping |
Date | |
Msg-id | BANLkTim1BsjvYQ+DTqqaHWvXKXgm44Nfsw@mail.gmail.com |
In reply to | Re: Negative Integers Escaping (Maxim Avanov <maxim.avanov@gmail.com>) |
Responses |
Re: Negative Integers Escaping
Re: Negative Integers Escaping |
List | psycopg |
On Fri, May 27, 2011 at 8:03 PM, Maxim Avanov <maxim.avanov@gmail.com> wrote:
> Hi, Oswoldo. Thanks for reply.
>> Is a good rule to always put spaces between operators
>
> I agree. It's a good rule but it's neither in SQL nor in Postgres syntax
> rules. And psycopg should guarantee a valid escaping of parameters according
> to all possible and valid syntax rules.

There's plenty of space for creating pathological commands. Do you want another one?

"select * from blah limit%s"

I think in general sticking characters in front of placeholders you don't know how will get filled is not a robust way to write your sql string.

I'm -1 about complicating the escaping of simple values just to accommodate artificial problems: fixing this one IMO wouldn't justify the potential problems of backward incompatibilities that may arise.

-- Daniele
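
The following is an added example, not part of the original message and not psycopg code: a small lint that flags placeholders glued to the preceding token, as in the "limit%s" query quoted above. `render_int` is a simplified model of client-side substitution assumed for illustration, and the `select 10-%s` templates are constructed samples.

```python
import re

# Matches psycopg-style placeholders; "%%" is a literal percent sign, not a placeholder.
PLACEHOLDER = re.compile(r"%%|%s|%\((\w+)\)s")
SAFE_BEFORE = set(" \t\n(,")  # characters that cannot fuse with the rendered value


def glued_placeholders(template):
    """Return (offset, preceding_char) for placeholders glued to the previous token."""
    hits = []
    for m in PLACEHOLDER.finditer(template):
        if m.group(0) == "%%":
            continue
        prev = template[m.start() - 1] if m.start() > 0 else " "
        if prev not in SAFE_BEFORE:
            hits.append((m.start(), prev))
    return hits


def render_int(template, value):
    """Simplified model (an assumption): an int is substituted as its decimal text."""
    if not isinstance(value, int) or isinstance(value, bool):
        raise TypeError("this model only covers plain integers")
    return PLACEHOLDER.sub(
        lambda m: "%" if m.group(0) == "%%" else str(value), template)


def strip_line_comment(sql):
    """For a single-line statement, drop a trailing "--" comment outside quotes."""
    in_string = False
    for i, ch in enumerate(sql):
        if ch == "'":
            in_string = not in_string
        elif not in_string and sql.startswith("--", i):
            return sql[:i].rstrip()
    return sql


if __name__ == "__main__":
    # Constructed templates, plus the "limit%s" query quoted in the message.
    for tpl, val in [("select 10-%s", -1), ("select 10 - %s", -1),
                     ("select * from blah limit%s", 5)]:
        sql = render_int(tpl, val)
        print(repr(tpl), glued_placeholders(tpl), "->", repr(strip_line_comment(sql)))
```

Run over a code base's query strings, `glued_placeholders` reports the templates where a bound value can merge with the token before it, so they can be rewritten with a separating space.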