ECPG gets embedded quotes wrong
Tom Lane <tgl@sss.pgh.pa.us>
From: Tom Lane <tgl@sss.pgh.pa.us>
To: pgsql-hackers@lists.postgresql.org
Cc: Michael Meskes <meskes@postgresql.org>
Date: 2020-10-20T19:46:18Z
Lists: pgsql-hackers
Attachments
- fix-ecpg-quote-handling.patch (text/x-diff) patch
A recent user complaint [1] led me to investigate what ECPG does with embedded quotes (that is, quotes-meant-to-be-data) in SQL identifiers and strings. AFAICS, it gets it wrong. For example, if you write the literal 'abc''def' in an EXEC SQL command, that will come out the other end as 'abc'def', triggering a syntax error in the backend. Likewise, "abc""def" is reduced to "abc"def" which is wrong syntax. It looks to me like a sufficient fix is just to keep these quote sequences as-is within a converted string, so that the attached appears to fix it. I added some documentation too, since there doesn't seem to be anything there now explaining how it's supposed to work. I doubt this is safely back-patchable, since anybody who's working around the existing misbehavior (as I see sql/dyntest.pgc is doing) would not appreciate it changing under them in a minor release. But I think we can fix it in v14. regards, tom lane [1] https://www.postgresql.org/message-id/flat/CA%2B4qtLct1L%3DgUordX4c_AdctJ%2BvZBsebYYLBk18LX8dLHthktg%40mail.gmail.com
Commits
-
Add documentation and tests for quote marks in ECPG literal queries.
- c16a1bbcf498 14.0 landed
-
Avoid premature de-doubling of quote marks in ECPG strings.
- 3dfb1942d9b8 14.0 landed