Subject: incorrect parsing for placeholders
The logic that parses the query for placeholders is broken for a number
of (admittedly mostly rare) edge cases:

    # expects two placeholders, gets one:
    $s=$d->prepare(q[select ? // ?]);

    # expects one placeholder, gets two:
    $s=$d->prepare(q[select $a0$ ? $a0$,?]);

    # expects one placeholder, gets zero:
    $s=$d->prepare(q[select * from "\" where a=?]);

    # iff standard_conforming_strings is set,
    # expects one placeholder, gets zero:
    $s=$d->prepare(q[select '\',?]);

These are all due to mismatches between DBD::Pg's parsing logic and that
of the server. Specifically: // is not a comment in SQL, and in postgres
it is a legitimate name for a user-defined operator; the delimiter
string of a dollar-quote follows identifier rules, i.e. while the first
character may not be a digit, following characters may be; \-escapes are
not applicable inside " " quotes; \-escapes apply in ' ' quotes (without
E) only if standard_conforming_strings is not set.
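
The lexical rules listed in the report, written out as a small placeholder counter in C. This is an added example, not part of the original report and not DBD::Pg's code; the function names are hypothetical. It goes slightly beyond the four cases above by also skipping E'...' strings, "--" comments and nested /* */ comments.

```c
/* Added example, not DBD::Pg code; all function names here are hypothetical. */
#include <ctype.h>
#include <string.h>

/* Identifier rules: first char is a letter or '_', later chars may be digits. */
static int ident_start(char c) { return isalpha((unsigned char)c) || c == '_' || (c & 0x80); }
static int ident_cont(char c)  { return ident_start(c) || isdigit((unsigned char)c); }

/* Skip '...' or "..." opened at p[0]; backslash escapes only when bs != 0. */
static const char *skip_quoted(const char *p, int bs) {
    char q = *p++;
    while (*p) {
        if (bs && *p == '\\' && p[1]) { p += 2; continue; }
        if (*p == q) { if (p[1] != q) return p + 1; p++; }  /* doubled quote is literal */
        p++;
    }
    return p;  /* unterminated */
}
/* If p opens $$ or $tag$, return the position after the closing delimiter; else NULL. */
static const char *skip_dollar(const char *p) {
    const char *t = p + 1, *e;
    if (ident_start(*t)) while (ident_cont(*t)) t++;
    if (*t != '$') return NULL;      /* e.g. $1 */
    size_t n = (size_t)(t - p) + 1;  /* delimiter length, both '$' included */
    for (e = t + 1; *e; e++)
        if (strncmp(e, p, n) == 0) return e + n;
    return e;  /* unterminated */
}

/* Count '?' outside quotes and comments; scs = standard_conforming_strings. */
int count_placeholders(const char *p, int scs) {
    int n = 0, depth; const char *e;
    while (*p) {
        char c = *p;
        if (c == '\'') p = skip_quoted(p, !scs);
        else if (c == '"') p = skip_quoted(p, 0);  /* never \-escapes */
        else if ((c == 'E' || c == 'e') && p[1] == '\'') p = skip_quoted(p + 1, 1);
        else if (ident_cont(c)) { while (ident_cont(*p) || *p == '$') p++; }
        else if (c == '$' && (e = skip_dollar(p)) != NULL) p = e;
        else if (c == '-' && p[1] == '-') { while (*p && *p != '\n') p++; }
        else if (c == '/' && p[1] == '*') {  /* nests; "//" is not a comment */
            for (depth = 0; *p; ) {
                if (p[0] == '/' && p[1] == '*') { depth++; p += 2; }
                else if (p[0] == '*' && p[1] == '/') { p += 2; if (--depth == 0) break; }
                else p++;
            }
        } else { n += (c == '?'); p++; }
    }
    return n;
}
```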