I thought of that but I assume we were not accepting user-supplied identifiers for this --- that this was only for application use. Am I wrong?
Well, yes the plan was to accept user-supplied identifiers...
If you insist on a practical example, I can certainly imagine someone thinking it'd be cool to allow searches on a user-selected column, and implementing that by passing the user-given column name straight into the query with only PQescapeIdentifier for safety.
Yes, phpPgAdmin sure would. I imagine this would be a nightmare to address properly, so perhaps we should remove the function :(
---------------------------(end of broadcast)--------------------------- TIP 6: explain analyze is your friend
