I have only begun to look into this codebase, but because I am dealing with single-quoted strings I gave their processing a close look…
Background
The lexer expects single quotes to be escaped with backslash, \, but PostgreSQL single-quoted strings do not use backslash escapes. Instead, something like Bob's Burgers would be represented as 'Bob''s Burgers': PostgreSQL interprets two single quotes as an escaped quote within the string. The String Constants section details this. This style of string is standard to SQL.
Indeed, PostgreSQL does not accept backslash escape sequences at all within normal strings. They are only interpreted in the usual manner when occurring within "escape strings". The previous example could be written like so: E'Bob\'s Burgers'. This style of string is an "extension to SQL", which I believe means it's also part of the standard, though not the core.
Concern
The issue arises when a PostgreSQL single-quote string literal uses a backslash as part of its text, next to a single quote. This might happen if someone is inserting pre-escaped text into a table: INSERT INTO restaurants 'Bob\''s Burgers';
The lexer would (I think) interpret the \' as an escaped quote, then end the string on the next quote, causing Burgers to be interpreted as a keyword.
I have only begun to look into this codebase, but because I am dealing with single-quoted strings I gave their processing a close look…
Background
The lexer expects single quotes to be escaped with backslash, \, but PostgreSQL single-quoted strings do not use backslash escapes. Instead, something like Bob's Burgers would be represented as
'Bob''s Burgers': PostgreSQL interprets two single quotes as an escaped quote within the string. The String Constants section details this. This style of string is standard to SQL.Indeed, PostgreSQL does not accept backslash escape sequences at all within normal strings. They are only interpreted in the usual manner when occurring within "escape strings". The previous example could be written like so:
E'Bob\'s Burgers'. This style of string is an "extension to SQL", which I believe means it's also part of the standard, though not the core.Concern
The issue arises when a PostgreSQL single-quote string literal uses a backslash as part of its text, next to a single quote. This might happen if someone is inserting pre-escaped text into a table:
INSERT INTO restaurants 'Bob\''s Burgers';The lexer would (I think) interpret the
\'as an escaped quote, then end the string on the next quote, causing Burgers to be interpreted as a keyword.