Home > mailing lists

Re: PQescapeIdentifier - Mailing list pgsql-hackers

From	Dave Page
Subject	Re: PQescapeIdentifier
Date	May 31, 2006 07:29:00
Msg-id	E7F85A1B5FF8D44C8A1AF6885BC9A0E4013885A1@ratbert.vale-housing.co.uk Whole thread Raw
In response to	PQescapeIdentifier (Christopher Kings-Lynne <chris.kings-lynne@calorieking.com>)
List	pgsql-hackers

Tree view


> -----Original Message-----
> From: pgsql-hackers-owner@postgresql.org
> [mailto:pgsql-hackers-owner@postgresql.org] On Behalf Of
> Christopher Kings-Lynne
> Sent: 31 May 2006 04:16
> To: Tom Lane
> Cc: Hackers
> Subject: Re: [HACKERS] PQescapeIdentifier
>
> > Christopher Kings-Lynne <chris.kings-lynne@calorieking.com> writes:
> >> Here's a question. I wish to add a function to libpq to escape
> >> PostgreSQL identifiers.  Will this function be subject to the same
> >> security/encoding issues as PQescapeString?
> >
> > Is this of any general-purpose use?  How many apps are
> really prepared
> > to let an untrusted user dictate which columns are
> selected/compared?
>
> phpPgAdmin has use for it, I assume pgAdmin would as well.

Yes, it would.

Regards, Dave.

pgsql-hackers by date:

From: Martijn van Oosterhout
Date: 31 May 2006, 07:22:33
Subject: Re: plperl's ppport.h out of date?

From: "Magnus Hagander"
Date: 31 May 2006, 08:06:55
Subject: Re: [PATCHES] Magic block for modules

Re: PQescapeIdentifier - Mailing list pgsql-hackers

Previous

Next