Re: BUG #2228: escaped single quotes choke spi_exec_query in plperlu - Mailing list pgsql-bugs

From Tom Lane
Subject Re: BUG #2228: escaped single quotes choke spi_exec_query in plperlu
Date
Msg-id 410.1138807588@sss.pgh.pa.us
Whole thread Raw
In response to BUG #2228: escaped single quotes choke spi_exec_query in plperlu  ("Michael Lush" <michael@galton.ucl.ac.uk>)
Responses Re: BUG #2228: escaped single quotes choke spi_exec_query in
List pgsql-bugs
"Michael Lush" <michael@galton.ucl.ac.uk> writes:
> CREATE OR REPLACE FUNCTION quote_bug(text) RETURNS text AS
> $$
>    $data = $_[0];

>    $sql = "SELECT *
>              FROM test
>             WHERE foo = '$data'";

>    $rv_unique = spi_exec_query($sql);

It's hardly a bug that you get a syntax error when $data contains
a single quote.  It's up to you to construct a well-formed query
string to give to spi_exec_query, and this code is not doing that.

            regards, tom lane

pgsql-bugs by date:

Previous
From: Tom Lane
Date:
Subject: Re: BUG #2225: Backend crash -- BIG table
Next
From: Tom Lane
Date:
Subject: Re: BUG #2229: Parsing error in Functions Grant Wizard