Re: PQescapeIdentifier

Christopher Kings-Lynne <chris.kings-lynne@calorieking.com> writes:
> Here's a question. I wish to add a function to libpq to escape 
> PostgreSQL identifiers.  Will this function be subject to the same 
> security/encoding issues as PQescapeString?

Is this of any general-purpose use?  How many apps are really prepared
to let an untrusted user dictate which columns are selected/compared?

But to answer your question, yes, I can certainly imagine
encoding-related risks...
        regards, tom lane