http://www.exim.org/exim-html-current/doc/html/spec_html/ch-file_and_database_lookups.html
spec says:
> The quote_mysql, quote_pgsql, and quote_oracle expansion operators
> convert newline, tab, carriage return, and backspace to \n, \t, \r,
> and \b respectively, and the characters single-quote, double-quote,
> and backslash itself are escaped with backslashes. The quote_pgsql
> expansion operator, in addition, escapes the percent and underscore
> characters. This cannot be done for MySQL because these escapes are
> not recognized in contexts where these characters are not special.
this is mysterious:
In postgresql queries {\_} means the same as {_} in any place where
{\n} means newline. if this was doing something useful it was being
misused.
It's also wrong. {'} is actually escaped as {''} as it should be.
escaping it as {\'} leads to sql injection vulerability where
standard_confroming_strings are used accidentally.
So, strange, but harmless.
--
umop apisdn
