Changes between Initial Version and Version 1 of Ticket #21181, comment 19
Timestamp: Aug 10, 2020, 11:50:56 PM
Ticket #21181, comment 19
Line 1, initial:
Yes, `quote_name` cannot protect against SQL injections , it shouldn't be an issue just like `Func(func)` also allows injections? As long as `collation` is not under user control it should not be an issue.

Line 1, v1:
Yes, `quote_name` cannot protect against SQL injections. It shouldn't be an issue just like `Func(func)` also allows injections? As long as `collation` is not under user control it should not be an issue.

Lines 2-3, unmodified in both versions:

Since collation names are identifiers and cannot be provided as string literals (see comment:11) I don't see a way around that?
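
One way to keep a collation name out of user control, as an added example that is not part of the ticket or of Django's code: request input selects a key from a fixed allowlist, and only the mapped constant is interpolated into the SQL. It uses Python's standard-library `sqlite3` with constructed sample data; `ALLOWED_COLLATIONS`, `resolve_collation`, `sorted_names`, `bind_collation_fails` and `demo_connection` are hypothetical names, and the bound-parameter behaviour shown is SQLite's.

```python
import sqlite3

# Hypothetical allowlist: request-facing keys mapped to fixed collation identifiers.
ALLOWED_COLLATIONS = {
    "binary": "BINARY",
    "nocase": "NOCASE",
    "rtrim": "RTRIM",
}


def resolve_collation(requested):
    """Return a collation identifier from the allowlist, or raise ValueError."""
    try:
        return ALLOWED_COLLATIONS[requested]
    except (KeyError, TypeError):
        raise ValueError(f"unsupported collation: {requested!r}") from None


def sorted_names(conn, requested):
    """Sort names with a collation that can only come from the allowlist."""
    collation = resolve_collation(requested)
    # The identifier is interpolated, but it is always one of the constants above.
    sql = f'SELECT name FROM person ORDER BY name COLLATE "{collation}", name'
    return [row[0] for row in conn.execute(sql)]


def bind_collation_fails(conn):
    """Return True if SQLite rejects a collation name passed as a bound parameter."""
    try:
        conn.execute(
            "SELECT name FROM person ORDER BY name COLLATE ?", ("NOCASE",)
        )
    except sqlite3.OperationalError:
        return True
    return False


def demo_connection():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE person (name TEXT)")
    conn.executemany(
        "INSERT INTO person VALUES (?)",
        [("bob",), ("Alice",), ("alice",), ("Bob",)],
    )
    return conn
```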