Skip to content

Escape PostgreSQL options#3800

Merged
abonander merged 5 commits intolaunchbadge:mainfrom
V02460:postgresql-escape-options
Jun 30, 2025
Merged

Escape PostgreSQL options#3800
abonander merged 5 commits intolaunchbadge:mainfrom
V02460:postgresql-escape-options

Conversation

@V02460
Copy link
Copy Markdown
Contributor

@V02460 V02460 commented Mar 21, 2025
edited by abonander
Loading

Properly escape PostgreSQL options containing spaces and backslash characters as specified under https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNECT-OPTIONS.

Fixes #2027

Is this a breaking change?

No, this change fixes behavior that I consider a minor edge case.

Yes,

anyone who's already manually escaping options will get different, likely incorrect, results after this patch

abonander
abonander requested changes Mar 21, 2025
View reviewed changes
Comment thread sqlx-postgres/src/options/mod.rs Outdated
Comment thread sqlx-postgres/src/options/mod.rs Outdated
@abonander
Copy link
Copy Markdown
Collaborator

abonander commented Mar 21, 2025

This is technically a breaking behavior change as well, because anyone who's already manually escaping options will get different, likely incorrect, results after this patch.

This should also document that the strings will be escaped:

sqlx/sqlx-postgres/src/options/mod.rs

Lines 496 to 504 in e474be6

/// Set additional startup options for the connection as a list of key-value pairs.
///
/// # Example
///
/// ```rust
/// # use sqlx_postgres::PgConnectOptions;
/// let options = PgConnectOptions::new()
/// .options([("geqo", "off"), ("statement_timeout", "5min")]);
/// ```

Alternatively, we don't do this internally but instead expose PgEscapeOption and direct people to use it. That would be backwards-compatible.

@V02460 @abonander
Use raw string literals in test case
72697b3 
Co-authored-by: Austin Bonander <austin.bonander@gmail.com>
@V02460
Copy link
Copy Markdown
Contributor Author

V02460 commented Mar 23, 2025

Alternatively, we don't do this internally but instead expose PgEscapeOption and direct people to use it. That would be backwards-compatible.

This would leak implementation details and keep a foot gun around, so I’d caution against that.

@abonander
Copy link
Copy Markdown
Collaborator

abonander commented Mar 23, 2025
edited
Loading

This would leak implementation details and keep a foot gun around, so I’d caution against that.

  1. It's a detail of the underlying protocol, which can be important to understand.
  2. We could emit a warning log if someone provides a string that isn't properly escaped.
  3. I have learned that silent changes to behavior tend to trip people up regardless, because not everyone reads the CHANGELOG or reads it thoroughly. Hyrum's Law has always held true.
  4. Users who aren't prepared to upgrade to a new major version won't be able to benefit.

If you're fine waiting for this to hit 0.9.0, then it doesn't matter.

@abonander abonander added this to the 0.9.0 milestone Apr 14, 2025
@V02460 V02460 requested a review from abonander April 15, 2025 09:54
@abonander abonander merged commit 1341b39 into launchbadge:main Jun 30, 2025
81 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@abonander abonander Awaiting requested review from abonander

Assignees

No one assigned

Labels

breaking

Projects

None yet

Milestone

0.9.0

Development

Successfully merging this pull request may close these issues.

PgConnectOptions.options are not URL encoded

2 participants

@V02460 @abonander