On 4/15/09, Tom Lane <[email protected]> wrote: > Marko Kreen <[email protected]> writes: > > Whats wrong with requiring U& to conform with stdstr=off quoting rules? > > The sole and only excuse for that misbegotten syntax is to be exactly > SQL spec compliant --- otherwise we might as well pick something saner. > So it needs to work like stdstr=on. I thought Peter's proposal of > rejecting it altogether when stdstr=off might be reasonable. The space > sensitivity around the & still sucks, but I have not (yet) thought of > a credible security exploit for that.
So the U& syntax is only available if stdstr=on? Sort of makes sense. As both this and the doubling-\\ way would mean we should have usable alternative in case of stdstr=off also, so in the end we have agreed to accept \u also? -- marko -- Sent via pgsql-hackers mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
