postgres_escape not working with captured variable from regex

[sahuguet]

I want to escape a variable that gets captured from the url via a regex.

location ~ ^/test/(\d+)$ { postgres_pass database; rds_json on; postgres_escape $name $1; postgres_query "SELECT $name"; }

nginx complains when parsing the config file. [emerg]: unknown "1" variable

Is there a special syntax for captured variables? Is it something not supported?

regards,

Arnaud

[PiotrSikora]

It works, but only with named captures, so you need to use something like this:

location ~ ^/test/(?<id>\d+)$ {
    postgres_pass    database;
    rds_json         on;
    postgres_escape  $name $id;
    postgres_query   "SELECT $name";
}

I don't consider this an issue, so I'll close it.

[sahuguet]

I am happy to see there is a way to make it work. It solves my problem.

But I think having $5 work with postgres_query and not with postgres_escape is weird. All variables should be treated equally.

regards and thanks for the super quick answer.

Arnaud

[sahuguet]

Actually, it still does not work. I am getting: unknown "id" variable

[PiotrSikora]

Maybe you're using old nginx or PCRE? I've just tested it and it works just fine on 0.8.48.

[sahuguet]

I am using 0.7.67. I installed it a few days ago with the latest PCRE.

[PiotrSikora]

You need nginx-0.8.25+ for named captures support.

Alternatively you can use set_quote_sql_str for=pg from set-misc-nginx-module. It's as safe as postgres_escape and it should work with anonymous captures.

[PiotrSikora]

FYI: I've just rewritten postgres_escape and it can handle anonymous regex captures now.