Yes, I was going to rework the patch to use the ideas you suggested. I
wasn't going to apply it as-is. Anyway, feel free to address it.
---------------------------------------------------------------------------
Tom Lane wrote:
> Bruce Momjian <pgman@candle.pha.pa.us> writes:
> > Your patch has been added to the PostgreSQL unapplied patches list at:
>
> I don't particularly like this patch, because it is predicated on a
> false assumption, namely that initdb uses libpq to talk to the backend.
> ISTM PQescapeString is not the thing to use. (As a concrete example
> of why not, there'll be no way to make it use the correct value of
> standard_conforming_strings, when that default changes.)
>
> I think the best solution is probably to use the existing escape_quotes
> function and to place its output in an E'' string.
>
> I looked through initdb to see if there were any other places where it
> was creating SQL string literals that might have escaping problems.
> All of the COPY commands it issues are potentially at risk: consider
> the possibility that the installation sharedir has a quote or backslash
> in its path. I didn't see any other holes though.
>
> Will fix this later today.
>
> regards, tom lane
>
--
Bruce Momjian http://candle.pha.pa.us
EnterpriseDB http://www.enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
