Re: How to convert escaped text column - force E prefix - Mailing list pgsql-general

From Pavel Stehule
Subject Re: How to convert escaped text column - force E prefix
Date
Msg-id CAFj8pRBh8MraS=oo14h_5KMczqNPq56BwjLVW2qU6Q5qipskFw@mail.gmail.com
In response to Re: How to convert escaped text column - force E prefix  (Durumdara <durumdara@gmail.com>)
Responses Re: How to convert escaped text column - force E prefix
List pgsql-general


On Thu, 7 Jan 2021 at 12:13, Durumdara <durumdara@gmail.com> wrote:
Dear Members!



Pavel Stehule <pavel.stehule@gmail.com> wrote (on Wed, 6 Jan 2021, 12:03):



it cannot work, because \ will be replaced by \\

postgres=# CREATE OR REPLACE FUNCTION public.unistr(text)
 RETURNS text
 LANGUAGE plpgsql
 IMMUTABLE STRICT
AS $function$
declare r text;
begin
  execute 'select ' || quote_literal($1) into r;
  return r;
end;
$function$
;
CREATE FUNCTION
postgres=# select unistr('Az ad\u00f3kulcsonk\u00e9nti');
┌──────────────────────────────┐
│            unistr            │
╞══════════════════════════════╡
│ Az ad\u00f3kulcsonk\u00e9nti │
└──────────────────────────────┘
(1 row)



Gavan Schneider


Thank you for the answer!

We will try your solution.

Only one question about it:
Could we use PG's JSON interpreter somehow? I don't know it, but in pseudocode:

select 
  GET_JSON_FIELD_VALUE(
    'name',
    FROM_JSON_TEXT(   '{name:' || chr(39) || thistable.thisfield || chr(39) || '}' )
  ) from thistable

or use FORMAT instead of CONCAT.

Is it possible for this to work? What do you think about the vulnerability?

The vulnerability is almost the same although it is a little bit harder to create attack strings.

Regards

Pavel


Thank you!

dd
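
An added example, not code from any poster in this thread: the \uXXXX escapes can be decoded as plain data, with no EXECUTE and without concatenating the column value into SQL or JSON text, so the value is never handed to a parser as code. The function name decode_u_escapes is hypothetical, a UTF8 database is assumed, and every \u followed by four hex digits is treated as an escape.

```sql
-- Added example: decode \uXXXX escapes without dynamic SQL.
-- decode_u_escapes is a hypothetical name; assumes a UTF8 database.
CREATE OR REPLACE FUNCTION decode_u_escapes(src text)
RETURNS text
LANGUAGE plpgsql
IMMUTABLE STRICT
AS $function$
DECLARE
  result text := '';
  rest   text := src;
  m      text[];
  lo     text[];
  cp     int;
BEGIN
  LOOP
    -- m[1] = text before the first escape, m[2] = 4 hex digits, m[3] = remainder
    m := regexp_match(rest, '^(.*?)\\u([0-9A-Fa-f]{4})(.*)$');
    EXIT WHEN m IS NULL;
    cp   := ('x' || m[2])::bit(16)::int;   -- hex digits to integer code point
    rest := m[3];
    IF cp BETWEEN 55296 AND 56319 THEN     -- high surrogate D800..DBFF
      -- a low surrogate DC00..DFFF must follow immediately
      lo := regexp_match(rest, '^\\u([Dd][C-Fc-f][0-9A-Fa-f]{2})(.*)$');
      IF lo IS NULL THEN
        RAISE EXCEPTION 'unpaired surrogate \u% in input', m[2];
      END IF;
      cp   := 65536 + (cp - 55296) * 1024
                    + (('x' || lo[1])::bit(16)::int - 56320);
      rest := lo[2];
    ELSIF cp BETWEEN 56320 AND 57343 OR cp = 0 THEN
      -- lone low surrogate or NUL: chr() would reject these, fail clearly
      RAISE EXCEPTION 'escape \u% cannot be stored in a text value', m[2];
    END IF;
    result := result || m[1] || chr(cp);
  END LOOP;
  RETURN result || rest;                   -- tail without escapes is kept as is
END;
$function$;

-- The sample string from this thread, then the column from the question:
SELECT decode_u_escapes('Az ad\u00f3kulcsonk\u00e9nti');
SELECT decode_u_escapes(thisfield) FROM thistable;
```

PostgreSQL 14 and later include a built-in unistr() function that performs this decoding.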
