Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: special char in dbname is not correctly handled #77

Open
kainwen opened this issue Aug 17, 2022 · 3 comments
Open

Bug: special char in dbname is not correctly handled #77

kainwen opened this issue Aug 17, 2022 · 3 comments
Milestone
7.0

Comments

@kainwen
Copy link

kainwen commented Aug 17, 2022

Reproduce Steps

First go to Postgres to create a database:

CREATE DATABASE "funny""db'with\\quotes";

Then run the following python code:

In [1]: import pgdb

In [2]: dbname = 'funny\"db\'with\\\\quotes'

In [3]: pgdb.connect(database=dbname)
Out[3]: <pgdb.Connection at 0x10e4f0af0>

In [4]: pgdb.connect(database=dbname, port=5432)
---------------------------------------------------------------------------
InternalError                             Traceback (most recent call last)
<ipython-input-4-ac96bf54cbc4> in <module>
----> 1 pgdb.connect(database=dbname, port=5432)

/Library/Python/3.8/site-packages/pgdb.py in connect(dsn, user, password, host, database, **kwargs)
   1725     # open the connection
   1726     # noinspection PyArgumentList
-> 1727     cnx = _connect(dbname, dbhost, dbport, dbopt, dbuser, dbpasswd)
   1728     return Connection(cnx)
   1729

InternalError: connection to server on socket "/tmp/.s.PGSQL.5432" failed: FATAL:  database "funny"db'with\quotes" does not exist

The strange thing is:

  • [3] is OK
  • [4] errors out

RCA

[4] pass port=5432 as kwarg, so it will enter this line of code https://github.com/PyGreSQL/PyGreSQL/blob/master/pgdb.py#L1721, and here it only escape dbname when there is space in dbname.

And the dbname variable here is confusing, it will also add port in the string.
@SmartKeyerror
Copy link

Maybe some refactoring should be done to the function connect() 🤔

@SmartKeyerror
Copy link

@Cito Hi~ Do we have a plan to refactor the function of connect() in pgdb.py? Since the semantics and parameter settings of this function are weird and ambiguous.

For example, the DSN string can't support adding a port to it, cause the format must be 'host:base:user:passwd:opt', we can just add a port to the named parameter host using IP:PORT.

And if we use both DSN and named parameters, there will be mutual coverage. From the current code point of view, named parameters will override the value in DSN.

From my experience, it's better to make the function semantics clearer, just like pymysql.connect:

connection = pymysql.connect(host='localhost',
                             user='user',
                             password='passwd',
                             database='db',
                             port='port')

@Cito Cito added this to the 6.0 milestone Aug 18, 2022
@Cito
Copy link
Member

Cito commented Aug 18, 2022

Will look into this in the next major version which will also allow us to introduce some breaking changes.

kainwen added a commit to kainwen/gpdb that referenced this issue Aug 19, 2022
@kainwen
Escape database name for dbconn.
93e0c8b 
This is really a bug of the Python Package PyGreSQL,
see issue: PyGreSQL/PyGreSQL#77

As a workaround, let's modify GPDB's code to manually
escape before passing args to pgdb.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
7.0
Development

No branches or pull requests
3 participants
@Cito @SmartKeyerror @kainwen