Changes between Version 1 and Version 2 of Ticket #21181, comment 19
- Timestamp:
- Aug 10, 2020, 11:52:44 PM (4 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #21181, comment 19
v1 v2 1 Yes, `quote_name` cannot protect against SQL injections. It shouldn't be an issue just like `Func(func )` also allows injections? As long as `collation` is not under user control it should not be an issue.1 Yes, `quote_name` cannot protect against SQL injections. It shouldn't be an issue just like `Func(function)` also allows injections? As long as `collation` is not under user control it should not be an issue. 2 2 3 3 Since collation names are identifiers and cannot be provided as string literals (see comment:11) I don't see a way around that?