| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Willy-Bas Loos" <willybas(at)gmail(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: escaped rolenames in pg_has_role |
| Date: | 2007-06-26 15:05:53 |
| Message-ID: | 19846.1182870353@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
"Willy-Bas Loos" <willybas(at)gmail(dot)com> writes:
> The problem is that pg_has_role does not recognize the usernames when they
> are escaped by quote_literal or quote_ident.
Don't use quote_ident here. In fact, I'd say that you appear to have
completely misunderstood the appropriate rules for quoting at all.
If you are passed data that you don't know if it's quoted or not, what
the heck are you supposed to do with it? A quote in the data might be
real data or quoting, and you have no way to tell the difference.
You need to redesign your function stack to eliminate that ambiguity.
I'd recommend that data items never have quoting, except at the instant
that they get embedded into SQL strings (which this function isn't doing
at all, and so it does not need to quote the name).
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Sullivan | 2007-06-26 15:15:24 | Re: how to implement unusual constraint |
| Previous Message | Willy-Bas Loos | 2007-06-26 14:44:36 | escaped rolenames in pg_has_role |