Re: Stably escaping an identifier

Phillip Diffley <phillip6402@gmail.com> writes:
> Is there a reliable way to determine if an identifier has already been
> escaped, or alternatively is there a function that will stably escape an
> identifier such that the identifier will not change if the function is
> called repeatedly?

This is impossible in general, because you can't know if the
double-quotes are meant to be part of the identifier value.

My advice here would be to flat-out reject input identifiers that
contain double quotes.  I'd suggest banning newlines too while
at it, as those are known to create security issues in some
contexts.

                        regards, tom lane