BUG #16282: Avoid sql-injections at identifiers

Started by PG Bug reporting form, about 6 years ago, 1 message, in bugs
#1 PG Bug reporting form
noreply@postgresql.org

The following bug has been logged on the website:

Bug reference: 16282
Logged by: RekGRpth
Email address: rekgrpth@gmail.com
PostgreSQL version: 12.2
Operating system: Docker alpine edge
Description:

To avoid SQL injections in identifiers, I suggest creating a new IDOID type
for PQexecParams (and other libpq functions) and SPI_execute_with_args (and other
SPI functions) that would work like %I in the format command.

Now I need to use PQescapeIdentifier for libpq and quote_identifier for SPI,
but with a new IDOID type I could transfer identifiers via args with this type!
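Added example (not part of the bug report or of PostgreSQL's own code) showing the server-side workaround the report refers to: quoting a caller-supplied identifier with format('%I') or quote_identifier() in PL/pgSQL dynamic SQL, beside the raw concatenation it replaces. The functions and the table are constructed for illustration.

```sql
-- Hypothetical helper (constructed for this example): counts the rows of a
-- caller-supplied table. The table name is an identifier, so it cannot be
-- bound as a $1 parameter; it has to be quoted as an identifier instead.

-- Unsafe: the name is spliced into the statement as raw SQL text, so any
-- characters the caller puts in it become part of the statement.
CREATE OR REPLACE FUNCTION count_rows_unsafe(tbl text) RETURNS bigint
LANGUAGE plpgsql AS $$
DECLARE n bigint;
BEGIN
    EXECUTE 'SELECT count(*) FROM ' || tbl INTO n;
    RETURN n;
END $$;

-- Safe: format('%I') quotes the value as a single identifier, the same way
-- quote_identifier() does: it wraps the name in "..." when needed and doubles
-- any embedded double quote, so the value can only ever name one relation.
CREATE OR REPLACE FUNCTION count_rows_safe(tbl text) RETURNS bigint
LANGUAGE plpgsql AS $$
DECLARE n bigint;
BEGIN
    EXECUTE format('SELECT count(*) FROM %I', tbl) INTO n;
    RETURN n;
END $$;

-- Equivalent without format(): quote_identifier() applies the same escaping.
--     EXECUTE 'SELECT count(*) FROM ' || quote_identifier(tbl) INTO n;

-- Caveat: %I quotes the whole string as one identifier. A schema-qualified
-- name must be passed as two arguments, e.g. format('%I.%I', schema, tbl);
-- passing 'public.t' as a single %I yields the identifier "public.t".

-- Demonstration with a constructed table whose name requires quoting.
CREATE TABLE "my ""odd"" table" (id int);
INSERT INTO "my ""odd"" table" VALUES (1), (2);

SELECT quote_identifier('my "odd" table');
SELECT count_rows_safe('my "odd" table');
-- count_rows_unsafe('my "odd" table') raises a syntax error instead, because
-- the unquoted name is parsed as SQL rather than treated as one identifier.
```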