Re: [BUGS] BUG #4027: backslash escaping not disabled in plpgsql

Bruce Momjian <bruce@momjian.us>

From: Bruce Momjian <bruce@momjian.us>
To: Peter Eisentraut <peter_e@gmx.net>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Jonathan Guthrie <jguthrie@brokersys.com>, PostgreSQL-development <pgsql-hackers@postgreSQL.org>
Date: 2009-04-09T15:16:45Z
Lists: pgsql-bugs, pgsql-hackers
Peter Eisentraut wrote:
> Tom Lane wrote:
> > plpgsql does not consider standard_conforming_strings --- it still uses
> > backslash escaping in its function bodies regardless.  Since the
> > language itself is not standardized, I see no particular reason that
> > standard_conforming_strings should govern it.
> 
> I think plpgsql should behave either consistently with the rest of PostgreSQL 
> or with Oracle, which it is copied from.
> 
> > I believe the reason for 
> > not changing it was that it seemed too likely to break existing
> > functions, with potentially nasty consequences if they chanced to be
> > security definers.
> 
> Is this actually true or did we just forget it? :-)

I have added this TODO item:

	Consider honoring standard_conforming_strings in PL/pgSQL function
	bodies
	
	    * http://archives.postgresql.org/pgsql-bugs/2008-03/msg00102.php 

Are we every going to enable standard_conforming_strings by default?  If
not, I will remove the TODO item mentiong this. 
standard_conforming_strings was added in Postgres 8.1, and
escape_string_warning was enabled in 8.2.

I think the big issue is that having standard_conforming_strings affect
function behavior introduces the same problems we have had in the past
of having a GUC affect function behavior.

-- 
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +