Changes between Version 2 and Version 3 of Ticket #21181, comment 19
- Timestamp:
- Aug 10, 2020, 11:53:47 PM (4 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #21181, comment 19
v2 v3 1 1 Yes, `quote_name` cannot protect against SQL injections. It shouldn't be an issue just like `Func(function)` also allows injections? As long as `collation` is not under user control it should not be an issue. 2 2 3 Since collation names are identifiers and cannot be provided as string literals (see comment:11) I don't see a way around that?3 Since collation names are identifiers and cannot be provided as string literals (see comment:11) I don't see bullet proof way around that. Isn't this something we could explicitly document?