Changes between Version 2 and Version 3 of Ticket #21181, comment 19


Timestamp: Aug 10, 2020, 11:53:47 PM (4 years ago)
Author: Simon Charette

  • Ticket #21181, comment 19

    v2 v3  
    11Yes, `quote_name` cannot protect against SQL injections. It shouldn't be an issue just like `Func(function)` also allows injections? As long as `collation` is not under user control it should not be an issue.
    22
    3 Since collation names are identifiers and cannot be provided as string literals (see comment:11) I don't see a way around that?
     3Since collation names are identifiers and cannot be provided as string literals (see comment:11) I don't see bullet proof way around that. Isn't this something we could explicitly document?
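
The constraint discussed in this comment (a collation name is an identifier, so it cannot be bound as a query parameter) can be handled by validating the name before it is interpolated. The following is an added example, not code from the ticket or from Django; the `person` table, the allowlist and the helper names are assumptions, and `naive_quote_name` is a hypothetical stand-in that only wraps its argument in quotes.

```python
import re
import sqlite3

# Assumption: the application supports only these collations (SQLite built-ins).
ALLOWED_COLLATIONS = frozenset({"BINARY", "NOCASE", "RTRIM"})
# Conservative identifier shape, checked in addition to the allowlist.
IDENTIFIER_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def naive_quote_name(name):
    """Hypothetical quoting helper: wraps in double quotes, escapes nothing."""
    return '"%s"' % name


def collate_clause(collation):
    """Return a COLLATE clause, refusing any name that is not allowlisted."""
    if not isinstance(collation, str) or not IDENTIFIER_RE.fullmatch(collation):
        raise ValueError("invalid collation name: %r" % (collation,))
    if collation.upper() not in ALLOWED_COLLATIONS:
        raise ValueError("unsupported collation: %r" % (collation,))
    return "COLLATE " + naive_quote_name(collation.upper())


def sorted_names(conn, collation):
    # Row values go through placeholders; the collation identifier cannot,
    # so it is validated before being interpolated into the statement.
    sql = "SELECT name FROM person ORDER BY name " + collate_clause(collation)
    return [row[0] for row in conn.execute(sql)]


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE person (name TEXT)")
    rows = [("bob",), ("Alice",), ("Carol",)]  # constructed sample data
    conn.executemany("INSERT INTO person VALUES (?)", rows)
    results = {c: sorted_names(conn, c) for c in ("NOCASE", "BINARY")}
    # Constructed hostile value: a quote that would end the identifier early.
    try:
        sorted_names(conn, 'NOCASE" --')
        results["rejected"] = False
    except ValueError:
        results["rejected"] = True
    conn.close()
    return results


if __name__ == "__main__":
    print(demo())
```
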