Revision 2571
Added by Aaron Marcuse-Kubitza over 12 years ago
| lib/sql_gen.py | ||
|---|---|---|
| 9 | 9 |
|
| 10 | 10 |
##### Escaping |
| 11 | 11 |
|
| 12 |
def is_safe_name(name): return re.match(r'^\w+$', name)
|
|
| 12 |
def is_safe_name(name): return re.match(r'^[^\WA-Z]+$', name) # no uppercase
|
|
| 13 | 13 |
|
| 14 | 14 |
def esc_name(name, quote='"'): |
| 15 | 15 |
return quote + name.replace(quote, quote+quote) + quote |
Also available in: Unified diff
sql_gen.py: is_safe_name(): Don't consider uppercase letters safe because they would cause inconsistent behavior in PostgreSQL if quoted vs. not quoted (only unquoted identifiers are case-insensitive)