#1190: Proper escaping of quotes in Postgres
----------------------+-----------------------------------------------------
Reporter: cito | Owner: somebody
Type: defect | Status: new
Priority: major | Milestone: 0.8.3
Component: ui | Version: 0.8.4
Keywords: postgres |
----------------------+-----------------------------------------------------
In `dbPostgreSQL`, single quotes are currently escaped using a backslash.
This can lead to problems in newer Postgres versions (see
[http://postgresql.mirrors-r-us.net/docs/techdocs-12.html here]) where
backslash quoting can be restricted or completely switched off. The proper
and SQL standard way for escaping quotes is by doubling them instead of
using the backslash.
The patch fixes the `escQuote()` method accordingly and also
simplifies `formatDateTime()` a bit.
Note that we are dealing with unicode strings here. The proper way of
quoting encoded strings would be by calling `QuotedString()` from
`psycopg2.extensions`, which calls a special PostgreSQL function that does
so in a secure way.
--
Ticket URL: <http://trac.dabodev.com/ticket/1190>
Dabo Trac <http://trac.dabodev.com>
Trac Page for Dabo
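As an added example, not code from the ticket, its patch or Dabo, the following Python models how the PostgreSQL lexer reads a plain single-quoted literal with `standard_conforming_strings` on and off, and round-trips a value through both escaping strategies so the failure the ticket describes is visible (the old backslash form leaves the tail of the value outside the literal once backslashes stop being escapes). `parse_literal` and `round_trip` are illustrative helpers, not psycopg2 or Dabo APIs; the `C:\` case also shows why quote doubling alone is only complete when backslashes are not escape characters, which is the reason the library-level `QuotedString()` route is preferable to hand-rolled escaping.

```python
# Added example, not part of the Dabo ticket or its patch.  It models how the
# PostgreSQL lexer reads a plain '...' literal under both settings of
# standard_conforming_strings, so the two escaping strategies can be compared.

def esc_quote_backslash(value: str) -> str:
    """Old dbPostgreSQL behaviour the ticket describes: escape ' as \\'."""
    return "'" + value.replace("'", "\\'") + "'"

def esc_quote_doubled(value: str) -> str:
    """SQL-standard behaviour: every ' inside the value becomes ''."""
    return "'" + value.replace("'", "''") + "'"

def parse_literal(sql: str, standard_conforming_strings: bool = True):
    """Read the leading '...' literal of `sql` as the server lexer would.

    Returns (decoded_value, leftover_sql).  With the setting on, a backslash
    is an ordinary character and only '' stands for a quote; with it off
    (legacy), backslash escapes the next character.  Raises ValueError if
    the literal never terminates.
    """
    if not sql.startswith("'"):
        raise ValueError("expected a literal starting with a quote")
    out, i = [], 1
    while i < len(sql):
        ch = sql[i]
        if ch == "\\" and not standard_conforming_strings and i + 1 < len(sql):
            out.append(sql[i + 1])            # legacy: \x yields x
            i += 2
        elif ch == "'" and sql[i + 1:i + 2] == "'":
            out.append("'")                   # doubled quote -> one quote
            i += 2
        elif ch == "'":
            return "".join(out), sql[i + 1:]  # closing quote
        else:
            out.append(ch)
            i += 1
    raise ValueError("unterminated quoted string")

def round_trip(value: str, escaper, standard_conforming_strings: bool):
    """Escape `value`, append a trailing clause, and read it back; returns
    (decoded_value, leftover_sql) or ("ERROR", message) if the server would
    reject the statement."""
    sql = escaper(value) + " AND active"
    try:
        return parse_literal(sql, standard_conforming_strings)
    except ValueError as exc:
        return "ERROR", str(exc)
```

With `O'Reilly`, the doubled form decodes correctly under both settings, while the backslash form under `standard_conforming_strings = on` yields the value `O\` and pushes `Reilly' AND active` back into the statement as SQL.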
Post Messages to: [email protected]
Subscription Maintenance: http://leafe.com/mailman/listinfo/dabo-dev
Searchable Archives: http://leafe.com/archives/search/dabo-dev