Discussion: Port Bug Report: parse error not detected on unterminated quote
============================================================================
POSTGRESQL BUG REPORT TEMPLATE
============================================================================
Your name : Kyle Bateman
Your email address : kyle@actarg.com
Category : runtime: back-end: SQL
Severity : serious
Summary: parse error not detected on unterminated quote
System Configuration
--------------------
Operating System : Linux Redhat 5.2
PostgreSQL version : 6.5
Compiler used :
Hardware:
---------
Versions of other tools:
------------------------
Linux tao.actarg.com 2.0.36 #3 Tue Apr 6 14:20:35 MDT 1999 i686 unknown
--------------------------------------------------------------------------
Problem Description:
--------------------
If a single quote is left unmatched in the query, the parser
seems to throw away the rest of the line without detecting
an error.
If the quote appears before a where clause, the results can
be disastrous as the whole table might be deleted, updated,
etc.
--------------------------------------------------------------------------
Test Case:
----------
Enter a select like this:
select * from mytable where id = 1234;
You should get only one record.
Now put in an errant single quote:
select * from mytable' where id = 1234;
Now you get the whole table. This should really be a
syntax error of some kind.
If the query is a delete or an update, this can be a nasty
problem.
--------------------------------------------------------------------------
Solution:
---------
I suppose the parser should check at the end of the command
to see if any unterminated quoted material is still pending.
--------------------------------------------------------------------------
Re: [PORTS] Port Bug Report: parse error not detected on unterminated quote
From: Thomas Lockhart
Date:
> Problem Description:
> --------------------
> If a single quote is left unmatched in the query, the parser
> seems to throw away the rest of the line without detecting
> an error.
> Test Case:
> ----------
> Enter a select like this:
> select * from mytable where id = 1234;
> You should get only one record.
>
> Now put in an errant single quote:
> select * from mytable' where id = 1234;
> Now you get the whole table. This should really be a
> syntax error of some kind.
And seems to be:
postgres=> select * from mytable' where id = 1234;
postgres'> '
postgres-> ;
ERROR: parser: parse error at or near "'"
postgres=>
This is on a RH5.2 system with the cvs distribution of Postgres
(rather than v6.5 exactly). But the parsing behavior should be the
same. I'm not sure what could be different in our installations...
- Thomas
--
Thomas Lockhart lockhart@alumni.caltech.edu
South Pasadena, California
At 16:31 +0300 on 30/06/1999, Thomas Lockhart wrote:
> And seems to be:
>
> postgres=> select * from mytable' where id = 1234;
> postgres'> '
> postgres-> ;
> ERROR: parser: parse error at or near "'"
> postgres=>
>
> This is on a RH5.2 system with the cvs distribution of Postgres
> (rather than v6.5 exactly). But the parsing behavior should be the
> same. I'm not sure what could be different in our installations...
In psql, it will probably never be a problem, because it demands that you
close the quotation mark (that "postgres'>" prompt). It doesn't send
anything to the backend until you have closed the quotation and type \g or
';'.
But what happens if the above query is sent through one of the other
interfaces, like pqlib?
Herouth
--
Herouth Maoz, Internet developer.
Open University of Israel - Telem project
http://telem.openu.ac.il/~herutma
> But what happens if the above query is sent through one of the other
> interfaces, like pqlib?
Right. It's a problem...
- Thomas
--
Thomas Lockhart lockhart@alumni.caltech.edu
South Pasadena, California
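
Added example (not part of the thread, and not PostgreSQL or libpq code): the end-of-command check proposed in the report's "Solution" section, written as a client-side guard for interfaces that, unlike psql, send the query as-is. The function name open_quote_at_end and the simplified lexical rules ('...' literals with '' and backslash escapes, "..." identifiers, -- comments) are assumptions made for illustration.

```c
#include <stdio.h>

/*
 * Hypothetical client-side guard: scan a query and return the quote
 * character still open at its end, or 0 if every quote is closed.
 * Simplified lexical rules are assumed; this is not the backend scanner.
 */
char open_quote_at_end(const char *query)
{
    char in_quote = 0;              /* 0, '\'' or '"' */
    const char *p;

    for (p = query; *p != '\0'; p++) {
        if (in_quote) {
            if (*p == '\\' && in_quote == '\'' && p[1] != '\0')
                p++;                /* escaped character inside a literal */
            else if (*p == in_quote)
                in_quote = 0;       /* a doubled '' closes, then reopens */
        } else if (*p == '\'' || *p == '"') {
            in_quote = *p;
        } else if (p[0] == '-' && p[1] == '-') {
            while (p[1] != '\0' && p[1] != '\n')
                p++;                /* quotes inside a comment do not count */
        }
    }
    return in_quote;
}

int main(void)
{
    /* Constructed sample input: the two queries from the test case. */
    const char *samples[] = {
        "select * from mytable where id = 1234;",
        "select * from mytable' where id = 1234;",
    };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char q = open_quote_at_end(samples[i]);
        if (q)
            printf("REJECT (unterminated %c): %s\n", q, samples[i]);
        else
            printf("ok: %s\n", samples[i]);
    }
    return 0;
}
```

A caller would refuse to send any statement for which the function returns non-zero, which is the same condition psql signals with its "postgres'>" prompt.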