Thread: Port Bug Report: parse error not detected on unterminated quote
============================================================================
POSTGRESQL BUG REPORT TEMPLATE
============================================================================

Your name : Kyle Bateman
Your email address : kyle@actarg.com

Category : runtime: back-end: SQL
Severity : serious

Summary: parse error not detected on unterminated quote

System Configuration
--------------------
Operating System : Linux Redhat 5.2
PostgreSQL version : 6.5
Compiler used :

Hardware:
---------

Versions of other tools:
------------------------
Linux tao.actarg.com 2.0.36 #3 Tue Apr 6 14:20:35 MDT 1999 i686 unknown

--------------------------------------------------------------------------

Problem Description:
--------------------
If a single quote is left unmatched in the query, the parser
seems to throw away the rest of the line without detecting
an error. If the quote appears before a where clause, the
results can be disastrous as the whole table might be deleted,
updated, etc.

--------------------------------------------------------------------------

Test Case:
----------
Enter a select like this:
select * from mytable where id = 1234;
You should get only one record.

Now put in an errant single quote:
select * from mytable' where id = 1234;
Now you get the whole table. This should really be a
syntax error of some kind. If the query is a delete or
an update, this can be a nasty problem.

--------------------------------------------------------------------------

Solution:
---------
I suppose the parser should check at the end of the command to
see if any unterminated quoted material is still pending.

--------------------------------------------------------------------------
Re: [PORTS] Port Bug Report: parse error not detected on unterminated quote
From
Thomas Lockhart
Date:
> Problem Description:
> --------------------
> If a single quote is left unmatched in the query, the parser
> seems to throw away the rest of the line without detecting
> an error.
> Test Case:
> ----------
> Enter a select like this:
> select * from mytable where id = 1234;
> You should get only one record.
>
> Now put in an errant single quote:
> select * from mytable' where id = 1234;
> Now you get the whole table. This should really be a
> syntax error of some kind.

And seems to be:

postgres=> select * from mytable' where id = 1234;
postgres'> '
postgres-> ;
ERROR: parser: parse error at or near "'"
postgres=>

This is on a RH5.2 system with the cvs distribution of Postgres
(rather than v6.5 exactly). But the parsing behavior should be the
same. I'm not sure what could be different in our installations...

- Thomas

--
Thomas Lockhart lockhart@alumni.caltech.edu
South Pasadena, California
At 16:31 +0300 on 30/06/1999, Thomas Lockhart wrote:

> And seems to be:
>
> postgres=> select * from mytable' where id = 1234;
> postgres'> '
> postgres-> ;
> ERROR: parser: parse error at or near "'"
> postgres=>
>
> This is on a RH5.2 system with the cvs distribution of Postgres
> (rather than v6.5 exactly). But the parsing behavior should be the
> same. I'm not sure what could be different in our installations...

In psql, it will probably never be a problem, because it demands that you
close the quotation mark (that "postgres'>" prompt). It doesn't send
anything to the backend until you have closed the quotation and type \g or
';'.

But what happens if the above query is sent through one of the other
interfaces, like pqlib?

Herouth

--
Herouth Maoz, Internet developer.
Open University of Israel - Telem project
http://telem.openu.ac.il/~herutma
> But what happens if the above query is sent through one of the other
> interfaces, like pqlib?

Right. It's a problem...

- Thomas

--
Thomas Lockhart lockhart@alumni.caltech.edu
South Pasadena, California
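The end-of-command check suggested in the bug report, which is also the quote tracking psql is described as doing before it sends anything, sketched as an added example; it is not part of the original thread and not PostgreSQL's or psql's code. The function names are hypothetical, and the escaping rules it applies are stated as assumptions in the comments.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Quote state at end of input. Hypothetical names, not psql's or libpq's. */
typedef enum { Q_NONE, Q_SINGLE, Q_DOUBLE } quote_state;

/*
 * Return the quote state once the whole query text has been scanned.
 * Assumptions: '' inside a literal and "" inside a quoted identifier are
 * escaped quotes; a backslash inside a literal escapes the next character.
 * SQL comments are not handled.
 */
quote_state sql_quote_state(const char *q)
{
    quote_state st = Q_NONE;
    for (size_t i = 0; q[i] != '\0'; i++) {
        char c = q[i];
        if (st == Q_NONE) {
            if (c == '\'') st = Q_SINGLE;
            else if (c == '"') st = Q_DOUBLE;
        } else if (st == Q_SINGLE && c == '\\' && q[i + 1] != '\0') {
            i++;                          /* skip the escaped character */
        } else if ((st == Q_SINGLE && c == '\'') || (st == Q_DOUBLE && c == '"')) {
            if (q[i + 1] == c) i++;       /* doubled quote stays inside */
            else st = Q_NONE;             /* closing quote */
        }
    }
    return st;
}

/* True when no quoted material is pending, so the text may be sent. */
bool sql_quotes_balanced(const char *q)
{
    return sql_quote_state(q) == Q_NONE;
}

int main(void)
{
    /* Constructed inputs: the two statements from the bug report. */
    const char *ok  = "select * from mytable where id = 1234;";
    const char *bad = "select * from mytable' where id = 1234;";
    printf("balanced: %d, errant quote: %d\n", sql_quotes_balanced(ok), sql_quotes_balanced(bad));
    return 0;
}
```

A client that builds its own query strings can run such a check and reject the statement with an error when it returns false, rather than relying on the backend to catch the pending quote.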