Open michalrus opened 6 years ago
This specific case is actually mentioned in the documentation for Values (emphasis mine):
The first argument is a list of postgresql type names. Because this is turned into a properly quoted identifier, the type name is case sensitive and must be as it appears in the pg_type table. Thus, you must write
timestamptz
instead oftimestamp with time zone
,int4
instead ofinteger
orserial
,_int8
instead ofbigint[]
, etcetera.
Why not generate correct SQL instead? =)
What's not correct about the SQL being generated? You do understand what the double quotes are for, right?
It’s not correct for types with spaces, is it?
Are they for SQLi prevention? How would I introduce one, hmmm; I’d have to pass a string from a user in this data Value
constructor’s first param. Would you do that? :P That would require pretty advanced users, to be useful. :man_shrugging:
The situation around quoting and escaping seems to be a bit messy and ad hoc at the moment, unfortunately :(.
If I do:
The following happens in run-time:
The same error is achievable in PostgreSQL by running:
which results in:
A version without quotes works correctly:
A workaround is to use a short form,
timestamptz
, instead oftimestamp with time zone
. But this might not be available for other types.