PostgreSQL Bugs

Collected from the PG bugs email list.

Bug ID16282
PG Version12.2
OSDocker alpine edge
Opened2020-02-28 08:00:33+00
Reported byRekGRpth
StatusNew

Body of first available message related to this bug follows.

The following bug has been logged on the website:

Bug reference:      16282
Logged by:          RekGRpth
Email address:      (redacted)
PostgreSQL version: 12.2
Operating system:   Docker alpine edge
Description:        

To avoid sql-injections at identifiers I suggest to create new IDOID type
for PQexecParams (and others libpq) and SPI_execute_with_args (and other
spi) that will bw worked as %I in format command.

Now I need use PQescapeIdentifier for libpq and quote_identifier for spi,
but with new IDOID type I can transfrer identifiers wia args with this type!

Messages

DateAuthorSubject
2020-02-28 08:00:33+00PG Bug reporting formBUG #16282: Avoid sql-injections at identifiers