Re: non-standard escapes in string literals

Lists: pgsql-hackers
From: Lincoln Yeoh <lyeoh(at)pop(dot)jaring(dot)my>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: non-standard escapes in string literals
Date: 2002-06-05 04:27:25
Message-ID: 5.1.0.14.1.20020605122127.02dcbc30@192.228.128.13

OK, I was wrong. '' can be sufficient. The DB just has to treat everything
between single quotes as data except for '' which is treated as a ' in the
data.

However raw control characters can still cause problems in the various
stages from the source to the DB.

Cheerio,
Link.

Lincoln Yeoh wrote:
Quoting is to help separate data from commands. Though '' is sufficient for
quoting ' it seems to me not sufficient for control characters.
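
The rule stated in the message above (only '' is special between single quotes), as an added example that is not part of the original thread and not PostgreSQL code. The helper names `quote_literal`, `scan_literal` and `round_trips` are hypothetical, the sample strings are constructed, and the input is assumed to be already-decoded text, so encoding-level problems such as the multibyte case mentioned later in the thread are out of scope.

```python
# Added example: a literal quoter and scanner where '' is the ONLY special
# sequence. All names here are hypothetical, not PostgreSQL functions.

def quote_literal(data: str) -> str:
    """Wrap data in single quotes, doubling every embedded single quote."""
    return "'" + data.replace("'", "''") + "'"

def scan_literal(sql: str, start: int = 0):
    """Scan one literal at sql[start]; return (data, index just past it)."""
    if start >= len(sql) or sql[start] != "'":
        raise ValueError("literal must start with a single quote")
    out = []
    i = start + 1
    while i < len(sql):
        ch = sql[i]
        if ch == "'":
            if i + 1 < len(sql) and sql[i + 1] == "'":
                out.append("'")      # '' inside the literal is one quote of data
                i += 2
                continue
            return "".join(out), i + 1   # lone quote closes the literal
        out.append(ch)   # backslash, NUL, backspace, CR: all plain data
        i += 1
    raise ValueError("unterminated literal")

def round_trips(data: str) -> bool:
    """True if data survives quoting and the literal ends exactly where expected."""
    literal = quote_literal(data)
    parsed, end = scan_literal(literal + " -- trailing SQL text")
    return parsed == data and end == len(literal)

# Constructed sample values, including the control characters the thread names.
SAMPLES = [
    "O'Reilly",
    "''''",              # nothing but quotes
    "ends with \\",      # trailing backslash must not swallow the closing quote
    "back\x08space",
    "nul\x00byte",
    "line\r\nbreak",
    "",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", repr(quote_literal(s)), round_trips(s))
```

This only checks the literal boundary at the SQL scanner; it says nothing about what terminals, drivers or transports between the source and the DB do with the same raw bytes.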


From: Peter Eisentraut <peter_e(at)gmx(dot)net>
To: Lincoln Yeoh <lyeoh(at)pop(dot)jaring(dot)my>
Cc: PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: non-standard escapes in string literals
Date: 2002-06-06 17:10:34
Message-ID: Pine.LNX.4.44.0206051945220.810-100000@localhost.localdomain

Lincoln Yeoh writes:

> However raw control characters can still cause problems in the various
> stages from the source to the DB.

I still don't see why. You are merely speculating about implementation
fallacies that aren't there.

--
Peter Eisentraut peter_e(at)gmx(dot)net


From: Lincoln Yeoh <lyeoh(at)pop(dot)jaring(dot)my>
To: Peter Eisentraut <peter_e(at)gmx(dot)net>
Cc: PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: non-standard escapes in string literals
Date: 2002-06-06 19:00:49
Message-ID: 5.1.0.14.1.20020607012740.056c6080@192.228.128.13

Yes it's speculation. The implementation at the DB isn't there, neither are
the associated DBD/JDBC/ODBC drivers for it.

Basically if the fallacies aren't in PostgreSQL _if_ the decision is to
implement it, I'd be happy.

I was just noting (perhaps superfluously) that backspaces and friends
(nulls) have been useful for exploiting databases (and other programs).
Recently at least one multibyte character (0x81a2) allowed potential
security problems with certain configurations/installations of PostgreSQL.
Would switching to the standard cause such problems to be less or more
likely? Would making it an option make such problems more likely?

Cheerio,
Link.

p.s. Even +++AT[H]<cr> (remove square brackets and <cr> = carriage return)
as data can cause problems sometimes - esp with crappy modems. Once there
was a site whose EDI metadata had lots of +++ and they were experiencing
"bad connections" <grin>...

At 07:10 PM 6/6/02 +0200, Peter Eisentraut wrote:
>Lincoln Yeoh writes:
>
> > However raw control characters can still cause problems in the various
> > stages from the source to the DB.
>
>I still don't see why. You are merely speculating about implementation
>fallacies that aren't there.
>
>--
>Peter Eisentraut peter_e(at)gmx(dot)net