From: Pavel Stehule on
2010/1/11 Robert Haas <robertmhaas(a)gmail.com>:
> On Tue, Jan 5, 2010 at 8:23 AM, Pavel Stehule <pavel.stehule(a)gmail.com> wrote:
>> 2010/1/5 Tom Lane <tgl(a)sss.pgh.pa.us>:
>>> Robert Haas <robertmhaas(a)gmail.com> writes:
>>>> On Mon, Jan 4, 2010 at 2:51 PM, Pavel Stehule <pavel.stehule(a)gmail.com> wrote:
>>>>> I don't have a problem to write second and safe fmtId
>>>>> function (with technique used in dumputils don't need to modify
>>>>> libpq), although fmtId do exactly what I need. I would to understand
>>>>> to behave.
>>>
>>>> I think you mean that you would need to understand how it should
>>>> behave - in which case I agree, but I think  Tom spelled that out
>>>> pretty clearly upthread: close PQescapeStringConn and adapt it to be
>>>> PQescapeIdentifier.
>>>
>>> The more important point here is that fmtId doesn't do "exactly what you
>>> need" in any case.  fmtId is safe to use in pg_dump because pg_dump is
>>> only expected to work with the same or older version of the backend.
>>> It would not be safe to use it in libpq, which is expected to still work
>>> with newer backends that might have more reserved words.
>>
>> So I finnaly moved to libpq PQescapeIdentConn function
>>
>> patch is attached.
>
> No longer applies, please rebase.

ok I'll do it today

Pavel

>
> Thanks,
>
> ...Robert
>

--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

From: Pavel Stehule on
Hello

>
> No longer applies, please rebase.
>

fixed, sorry

Pavel

> Thanks,
>
> ...Robert
>
From: Robert Haas on
On Mon, Jan 11, 2010 at 6:54 AM, Pavel Stehule <pavel.stehule(a)gmail.com> wrote:
>> No longer applies, please rebase.
>
> fixed, sorry

Hmm. I think that pqEscapeIdentConn should be in a separate section
of the documentation, entitled "Escaping Identifiers for Inclusion in
SQL Commands". Or else we should merge the existing sections
"Escaping Strings for Inclusion in SQL Commands" and "Escaping Binary
Strings for Inclusion in SQL Commands" and then put this in there too.

On a perhaps-related note, does anyone understand why "Escaping
Strings for Inclusion in SQL Commands" is formatted in a way that is
needlessly inconsistent with the preceding and following sections? I
was surprised by the magnitude of the doc diff hunk in this patch, but
when I looked at it it seems to read more clearly with these changes.

I have yet to fully review the code but on a quick glance it looks reasonable.

....Robert

--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

From: Pavel Stehule on
2010/1/15 Robert Haas <robertmhaas(a)gmail.com>:
> On Mon, Jan 11, 2010 at 6:54 AM, Pavel Stehule <pavel.stehule(a)gmail.com> wrote:
>>> No longer applies, please rebase.
>>
>> fixed, sorry
>


my idea was:

* string
* escape_string
* escape_ident
* bytea
* escape_bytea

But I am not strong in it. Maybe this part of doc needs more love -
long time there are doc to deprecated functions. It could be moved.

Pavel
> Hmm.  I think that pqEscapeIdentConn should be in a separate section
> of the documentation, entitled "Escaping Identifiers for Inclusion in
> SQL Commands".  Or else we should merge the existing sections
> "Escaping Strings for Inclusion in SQL Commands" and "Escaping Binary
> Strings for Inclusion in SQL Commands" and then put this in there too.
>
> On a perhaps-related note, does anyone understand why "Escaping
> Strings for Inclusion in SQL Commands" is formatted in a way that is
> needlessly inconsistent with the preceding and following sections?  I
> was surprised by the magnitude of the doc diff hunk in this patch, but
> when I looked at it it seems to read more clearly with these changes.
>
> I have yet to fully review the code but on a quick glance it looks reasonable.
>
> ...Robert
>

--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

From: Robert Haas on
On Thu, Jan 14, 2010 at 8:46 PM, Robert Haas <robertmhaas(a)gmail.com> wrote:
> I have yet to fully review the code but on a quick glance it looks reasonable.

On further review, it looks less reasonable. :-(

The new PQescapeIdentConn function is basically a cut-up version of
PQescapeStringInternal, which seems like a reasonable foundation, but
it rips out a little too much - specifically:

1. the length argument,
2. the size_t return value,
3. the portion of the handling for incomplete multibyte characters
that prevents us from overrunning the output buffer on a maliciously
constructed (or unlucky) input string, and
4. some relevant comments.

I'm inclined to think we should put all of that stuff back, but
certainly #3 at a minimum.

....Robert

--
Sent via pgsql-hackers mailing list (pgsql-hackers(a)postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers