On 4/15/09, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Marko Kreen <markokr@gmail.com> writes:
> > What's wrong with requiring U& to conform with stdstr=off quoting rules?
>
> The sole and only excuse for that misbegotten syntax is to be exactly
> SQL spec compliant --- otherwise we might as well pick something saner.
> So it needs to work like stdstr=on. I thought Peter's proposal of
> rejecting it altogether when stdstr=off might be reasonable. The space
> sensitivity around the & still sucks, but I have not (yet) thought of
> a credible security exploit for that.

So the U& syntax is only available if stdstr=on? Sort of makes sense.
As both this and the doubling-\\ way would mean we should have a usable
alternative in case of stdstr=off also, so in the end we have agreed
to accept \u also?
--
marko