Christopher Kings-Lynne <[EMAIL PROTECTED]> writes: > Here's a question. I wish to add a function to libpq to escape > PostgreSQL identifiers. Will this function be subject to the same > security/encoding issues as PQescapeString?
Is this of any general-purpose use? How many apps are really prepared to let an untrusted user dictate which columns are selected/compared? But to answer your question, yes, I can certainly imagine encoding-related risks... regards, tom lane ---------------------------(end of broadcast)--------------------------- TIP 1: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly