pq:escapeLiteral does it need conn-db? #18
Comments
I am using E'' notation, should not that be proper for pq:escapeLiteral in all cases? I remember some database warning appearing if there are escapes without E. |
|
I have noticed also that space before E, should it be? |
|
GNU Support writes:
Does escaping really needs conn-db and why? Should not escaping be independent of connection?
Finally escaping function could be used to generate SQL without having a database connection.
yes, the functions PQescapeLiteral and PQescapeIdentifier need it, see
https://www.postgresql.org/docs/13/libpq-exec.html#LIBPQ-EXEC-ESCAPE-STRING
The manual mentions error reporting and encoding reasons.
Additionally when escaping don't you think that E'' notation should be used?
I didn't implement the escaping, I just made the one in libpq available
to the lisp world so I don't really have an opinion on the design
decisions behind it...
```
(pq:escapeLiteral cf-db "\"") ⇒ "'\"'"
(sql-escape-string "\"") ⇒ "E'\"'"
```
I am using E'' notation, should not that be proper for
pq:escapeLiteral?
I don't care as long they both denote the same literal...
`(pq:escapeLiteral cf-db "\\\\\\\\") ⇒ " E'\\\\\\\\\\\\\\\\'"`
I have noticed also that space before E, should it be?
Safer that way.
|
|
* Andreas Seltenreich ***@***.***> [2021-05-31 09:15]:
GNU Support writes:
> Does escaping really needs conn-db and why? Should not escaping be independent of connection?
> Finally escaping function could be used to generate SQL without having a database connection.
yes, the functions PQescapeLiteral and PQescapeIdentifier need it, see
https://www.postgresql.org/docs/13/libpq-exec.html#LIBPQ-EXEC-ESCAPE-STRING
The manual mentions error reporting and encoding reasons.
Thanks. I don't know what is "literal constants". In other words, is
this function `pq:escapeLiteral` useful for continous escaping
strings? Should I rather use that one or the one I made myself?
The reference on the above link also says that in case of error it
should return NULL.
I was expecting this to return NULL, but it returns escaped "nil":
(pq:escapeLiteral cf-db nil) ⇒ "'nil'"
So maybe that is something to think about. Sometimes strings are
nothing, like NIL and then they should be NULL. I do have several use
cases for that.
(sql-escape-string nil) ⇒ "NULL"
So unless it returns "NULL" on NIL input, I cannot replace it.
Other weird cases:
(pq:escapeLiteral cf-db t) ⇒ "'t'"
I don't think number should be converted to string, it would be better to fail.
(pq:escapeLiteral cf-db 2) ⇒ "'2'"
Description says: Perform literal value quoting on STRING... but
anything may be given, not just a string. IMHO it should fail if
it is not string and in some cases return NULL.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Does escaping really needs conn-db and why? Should not escaping be independent of connection?
Finally escaping function could be used to generate SQL without having a database connection.
The text was updated successfully, but these errors were encountered: