I notice that the pg_stat_statements patch is applying pg_mbcliplen()
to query strings, in the fond illusion that it knows what encoding
they are in.
This brings up a bigger issue, namely that pg_stat_activity isn't
exactly encoding-proof either --- whatever encoding is in use in a
particular database is what query strings from backends in that database
will be stored in. Readers in another database will be exposed to
strings that probably aren't encoded correctly for their DB.
We could attack this by including source database's encoding in the
shared-memory entries, and performing a conversion on the fly when
reading out the data. However, what happens if the conversion fails?
Seems like this provides a way for users to hide their queries from
the DBA ... just include a comment with some characters that are
untranslatable.
Thoughts?
regards, tom lane