Closed sahuguet closed 14 years ago
It works, but only with named captures, so you need to use something like this:
location ~ ^/test/(?<id>\d+)$ {
postgres_pass database;
rds_json on;
postgres_escape $name $id;
postgres_query "SELECT $name";
}
I don't consider this an issue, so I'll close it.
I am happy to see there is a way to make it work. It solves my problem.
But I think having $5 work with postgres_query and not with postgres_escape is weird. All variables should be treated equally.
regards and thanks for the super quick answer.
Arnaud
Actually, it still does not work. I am getting: unknown "id" variable
Maybe you're using old nginx or PCRE? I've just tested it and it works just fine on 0.8.48.
I am using 0.7.67. I installed it a few days ago with the latest PCRE.
You need nginx-0.8.25+ for named captures support.
Alternatively you can use set_quote_sql_str for=pg
from set-misc-nginx-module. It's as safe as postgres_escape
and it should work with anonymous captures.
FYI: I've just rewritten postgres_escape
and it can handle anonymous regex captures now.
I want to escape a variable that gets captured from the url via a regex.
location ~ ^/test/(\d+)$ { postgres_pass database; rds_json on; postgres_escape $name $1; postgres_query "SELECT $name"; }
nginx complains when parsing the config file. [emerg]: unknown "1" variable
Is there a special syntax for captured variables? Is it something not supported?
regards,
Arnaud