Re: quoting psql varible as identifier

Pavel Stehule <pavel.stehule@gmail.com>

From: Pavel Stehule <pavel.stehule@gmail.com>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Alvaro Herrera <alvherre@commandprompt.com>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>
Date: 2010-01-17T19:04:09Z
Lists: pgsql-hackers

Attachments

2010/1/16 Robert Haas <robertmhaas@gmail.com>:
> On Thu, Jan 14, 2010 at 8:46 PM, Robert Haas <robertmhaas@gmail.com> wrote:
>> I have yet to fully review the code but on a quick glance it looks reasonable.
>
> On further review, it looks less reasonable.  :-(
>
> The new PQescapeIdentConn function is basically a cut-up version of
> PQescapeStringInternal, which seems like a reasonable foundation, but
> it rips out a little too much - specifically:
>
> 1. the length argument,
> 2. the size_t return value,
> 3. the portion of the handling for incomplete multibyte characters
> that prevents us from overrunning the output buffer on a maliciously
> constructed (or unlucky) input string, and
> 4. some relevant comments.
>

Yes, I didn't repeat parameter's pattern from PQescapeStringConn, I
would to simplify interface but I hasn't problem to modify it to same
interface.

I rewrote patch so now interface for PQescapeIdentConn is same as
PQescapeStringConn

@3. I though so the protection under incomplete multibyte chars are
enought - missing bytes are replaced by space - like
PQescapeStringConn does. But now - mechanism is exactly same, so this
problem should be solved.

Regards
Pavel Stehule


> I'm inclined to think we should put all of that stuff back, but
> certainly #3 at a minimum.
>
> ...Robert
>