FW: [pgadmin-support] Column name validation in embedded query. - Mailing list pgsql-bugs
| From | Lori Pate |
|---|---|
| Subject | FW: [pgadmin-support] Column name validation in embedded query. |
| Date | |
| Msg-id | 26EF234CFA0A61499BE54B08447FE397D306AC@sleepy.opushealthcare.com Whole thread Raw |
| Responses |
Re: FW: [pgadmin-support] Column name validation in embedded query.
(Tom Lane <tgl@sss.pgh.pa.us>)
|
| List | pgsql-bugs |
I am using pgAdmin III, PostgreSQL tools, Version 1.2.0 Beta on Windows XP Pro.=20 The following query, when executed as a stand alone query returns an error, correctly, that the column name is not valid: Query A) Select patientorder_key from patientorder where visit_key =3D 250314 and provider_key =3D 301;=20 The column patientorder_key does not exist in the table patientorder, the correct syntax should be:=20 Query B) Select patientorder.key from patientorder where visit_key =3D 250314 and provider_key =3D 301;=20 However, when the query with the incorrect column name (Query A) is embedded in a where clause, column validation does not happen, no error is displayed, and PGAdmin apparently ignores the where clause all together, resulting in complete data deletion, as if there were no where clause: Begin;=20 Delete from testorder where patientorder_key in=20 (Select patientorder_key from patientorder where visit_key =3D 250314 and provider_key =3D 301);=20 End;=20 This resulted in massive amounts of data being deleted erroneously.=20 I believe this is a bug.=20 =20 Lori E. Pate=20 =20=20 Quality Assurance Engineer=20 Opus Healthcare Solutions, Inc.=20 12301 Research Blvd.=20 Bldg. IV, Suite 200=20 Austin, Texas 78759=20 =20=20 Phone: 512.336.4562=20 E-Mail: lpate@opushealthcare.com <mailto:lpate@opushealthcare.com>=20=20 AIM: loripate0508=20 http://www.opushealthcare.com/=20 =20=20 =20 ________________________________ From: Dave Page [mailto:dpage@vale-housing.co.uk]=20 Sent: Monday, November 07, 2005 1:36 PM To: Lori Pate; pgadmin-support@postgresql.org Subject: Re: [pgadmin-support] Column name validation in embedded query. On 7/11/05 2:55 pm, "Lori Pate" <lpate@opushealthcare.com> wrote: I am using pgAdmin III, PostgreSQL tools, Version 1.2.0 Beta on Windows XP Pro.=20 =09 The following query, when executed as a stand alone query returns an error, correctly, that the column name is not valid: =09 Query A) Select patientorder_key from patientorder where visit_key =3D 250314 and provider_key =3D 301;=20 =09 The correct syntax should be:=20 Query B) Select patientorder.key from patientorder where visit_key =3D 250314 and provider_key =3D 301;=20 =09 However, when the query with the incorrect column name (Query A) is embedded in a where clause, column validation does not happen, no error is displayed, and PGAdmin apparently ignores the where clause all together, resulting in complete data deletion, as if there were no where clause: =09 Begin;=20 Delete from testorder where patientorder_key in=20 (Select patientorder_key from patientorder where visit_key =3D 250314 and provider_key =3D 301);=20 End;=20 =09 This resulted in massive amounts of data being deleted erroneously.=20 =09 I believe this is a bug.=20 =09 Not in pgAdmin. pgAdmin passes the query verbatim to PostgreSQL, making no attempt to parse or understand it at all. PostgreSQL parses, plans and executes the query and returns any resulting data or messages to pgAdmin which displays it/them.=20 I would suggest producing an easily re-createable test case and posting it to pgsql-bugs@postgresql.org. Regards, Dave=20
pgsql-bugs by date: