Hi,
I noticed that Postgres issues a fatal error when given a quoted name of
table or column. This is a problem in secured cgi scripts, which quote
everything they get from the user, to avoid malicious users from trying to
execute SQL commands using some engineered input.
shared# select version();
version
---------------------------------------------------------------------
PostgreSQL 7.3.1 on i686-pc-linux-gnu, compiled by GCC egcs-2.91.66
shared# CREATE TABLE 'testtable' ('test' INT);
ERROR: parser: parse error at or near "'testtable'" at character 14
Thanks and have a nice day,
Yaniv