From: Pavel Stehule on
hello

here is patch

pavel(a)postgres:5432=# \set foo 'hello world'
pavel(a)postgres:5432=# SELECT :'foo' AS :"foo";
hello world
-------------
hello world
(1 row)

Regards
Pavel


2009/12/29 Pavel Stehule <pavel.stehule(a)gmail.com>:
> 2009/12/29 Tom Lane <tgl(a)sss.pgh.pa.us>:
>> Pavel Stehule <pavel.stehule(a)gmail.com> writes:
>>> 2009/12/29 Alvaro Herrera <alvherre(a)commandprompt.com>:
>>>> Can we use a trick similar to pg_dump's?
>>
>>> I see it - we can move function (content) fmtId from dumputils.c to libpq.
>>
>> This is not a good idea.  pg_dump can be expected to be up-to-date with
>> the backend's keyword list, but libpq cannot.
>>
>> Just quote the thing unconditionally.  It's not worth working harder
>> than that anyway.
>
> I see it.
>
> Pavel
>
>>
>>                        regards, tom lane
>>
>
From: Robert Haas on
On Tue, Dec 29, 2009 at 3:19 PM, Pavel Stehule <pavel.stehule(a)gmail.com> wrote:
> here is patch

The error handling in quote_literal() doesn't look right to me. The
documentation for PQescapeStringConn says that it stores an error
message in the conn object, but your code ignores that and prints out
a generic message instead. That doesn't seem right: but then it
further goes on to call exit(1), which seems like a considerable
overreaction to an encoding violation, which is apparently the only
class of error PQescapeStringConn() is documented to throw.

....Robert

--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

From: Pavel Stehule on
2009/12/30 Robert Haas <robertmhaas(a)gmail.com>:
> On Tue, Dec 29, 2009 at 3:19 PM, Pavel Stehule <pavel.stehule(a)gmail.com> wrote:
>> here is patch
>
> The error handling in quote_literal() doesn't look right to me.  The
> documentation for PQescapeStringConn says that it stores an error
> message in the conn object, but your code ignores that and prints out
> a generic message instead.  That doesn't seem right: but then it
> further goes on to call exit(1), which seems like a considerable
> overreaction to an encoding violation, which is apparently the only
> class of error PQescapeStringConn() is documented to throw.

Actually I am not sure about the adequate solution. Now, the lexer
doesn't return any error. Any handled errors are fatal, and lexer (and
psql) is finished with exit(1) - so there are not checking status
after any lexer call. It is question if we have to do it. Because
error will be raised in next stage:

"Presently the only possible error conditions involve invalid
multibyte encoding in the source string. The output string is still
generated on error, but it can be expected that the server will reject
it as malformed. On error, a suitable message is stored in the conn
object, whether or not error is NULL."

http://www.postgresql.org/docs/8.4/static/libpq-exec.html#LIBPQ-EXEC-ESCAPE-STRING

so probably - we can quietly ignore this error without security or
functionality issues.

I see two solution:

a) print correct message and exit(1)
b) quietly ignore this error - it's more warning than error, because
error will be raised immediately

Third variant, checking lexer status over every call is maybe non
adequate to frequency of this error and an importance of this patch. I
am for a.

Regards, and happy new year
Pavel

>
> ...Robert
>

--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

From: Tom Lane on
Pavel Stehule <pavel.stehule(a)gmail.com> writes:
> a) print correct message and exit(1)

Which part of "no, you're not doing that" wasn't clear to you?

The error handling in this function should be no different from that
in the existing escaping functions. exit(1) is completely unacceptable.

regards, tom lane

--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

From: Tom Lane on
Pavel Stehule <pavel.stehule(a)gmail.com> writes:
> here is patch

I looked at this patch a bit, and I think the real problem with it is
that it's not multibyte safe. You've copied backend code that is
allowed to assume it's in a safe encoding (ie, one where multibyte
characters can't contain non-high-bit-set bytes). This is not okay
on the client side, see SJIS and similar encodings.

Where you need to start out is by cloning PQescapeStringConn, which does
a similar type of transformation correctly even in unsafe encodings.
I think we'd agreed upthread that libpq should provide
PQescapeIdentifier functionality anyhow.

Once you've actually read that code, you'll realize that it's okay to
treat the error result as a warning, which resolves the other point
of concern. Just print the message and use the result anyway.

regards, tom lane

--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers