On Sun, Dec 21, 2014 at 10:27:18AM +0100, pe...@vanroose.be wrote:
> On 20.12.2014 15:38, Tim Bunce wrote:
> > [...]
> > Can you, or anyone else, think of any situation where a backslash before
> > a ? or :foo (or even $1) style placeholder might be valid SQL?
>
> Inside quoted text: of course, yes.
> Outside quoted text: maybe some RDBMS accept a backslash as a valid character
> in the name of a table or column? (Haven't tried this out yet.)
> At least make sure "\?" will not be handled as placeholder inside column name
> quoting, as in e.g.
>     "foo \? bar"

That's standard identifier quoting so should be ignored by the driver
for the same reason that single quoted strings are.

> or in
>     [foo \? bar]
> with SQL Server, or
>     `foo \? bar`
> for MySQL.

For databases that support those non-standard identifier quoting styles
the driver should be treating them as strings and so skipping them anyway.

> But my fear is that even
>     foo\?bar
> would be accepted as valid column or table name by some RDBMS...

I find that very hard to believe without any evidence. Even if true,
the driver for such a database would, I presume, treat that ? as a
placeholder and so it would already be broken.

Tim.
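
The scanning behaviour discussed in this message, as an added example that is not part of the original post and is not code from DBI or any driver (written in Python so it can be run stand-alone). It assumes the convention under discussion is that a backslash directly before a placeholder outside quotes marks it as escaped; `find_placeholders`, `_skip_quoted` and `extra_quotes` are hypothetical names.

```python
import re

# Placeholder styles named in the thread: ?, :foo and $1.
PLACEHOLDER = re.compile(r"\?|:[A-Za-z_]\w*|\$\d+")

def _skip_quoted(sql, start, close):
    """Return the index just past the quoted region opening at `start`."""
    i = start + 1
    while i < len(sql):
        if sql[i] == close:
            if sql.startswith(close, i + 1):  # doubled closer is a literal
                i += 2
                continue
            return i + 1
        i += 1
    return len(sql)  # unterminated: nothing after it is a placeholder

def find_placeholders(sql, extra_quotes=""):
    """Return [(offset, text, escaped)] for placeholders outside quotes.

    extra_quotes lists non-standard identifier quote openers a driver
    supports: "[" (SQL Server) and/or "`" (MySQL). Backslash escapes
    inside string literals are not modelled (standard SQL has none).
    """
    closers = {"'": "'", '"': '"'}
    closers.update({q: {"[": "]", "`": "`"}[q] for q in extra_quotes})
    found, i = [], 0
    while i < len(sql):
        ch = sql[i]
        if ch in closers:                      # string or quoted identifier
            i = _skip_quoted(sql, i, closers[ch])
            continue
        if sql.startswith("::", i):            # PostgreSQL cast, not :name
            i += 2
            continue
        escaped = ch == "\\"                   # assumed escape convention
        m = PLACEHOLDER.match(sql, i + 1 if escaped else i)
        if m:
            found.append((m.start(), m.group(), escaped))
            i = m.end()
        else:
            i += 1
    return found

# Constructed sample statements using the identifiers quoted in the thread.
if __name__ == "__main__":
    for stmt, extra in [('SELECT "foo \\? bar" FROM t WHERE a = ?', ""),
                        ("SELECT [foo \\? bar] FROM t WHERE a = ?", "["),
                        ("SELECT [foo \\? bar] FROM t WHERE a = ?", ""),
                        ("SELECT foo\\?bar FROM t WHERE a = :id", "")]:
        print(repr(extra), stmt, find_placeholders(stmt, extra))
```

The third sample shows why a driver has to know its database's identifier quoting: with bracket quoting not enabled, the `\?` inside `[foo \? bar]` is reported as an escaped placeholder instead of being skipped.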