From: | Sadeq Dousti <msdousti(at)gmail(dot)com> |
---|---|
To: | Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org> |
Cc: | pgsql-www(at)postgresql(dot)org |
Subject: | Re: Request for WikiEditing privilege |
Date: | 2024-11-17 22:59:13 |
Message-ID: | CADE6LvgysVye=WzBiNNCEUd=KATN5RF7ccP+nXtUUFkwtSfDnw@mail.gmail.com |
Lists: | pgsql-www |

Dear Álvaro,

Thanks a lot for giving me the edit permission. I applied all your
suggestions.

I noted, however, that my initial suggestion of using FORMAT + %L does not
work, as it quotes the query supplied to EXPLAIN.
As such, I used FORMAT + %s, with a warning that the function is
susceptible to SQLi.

Best wishes,
Sadeq

On Mon, Nov 11, 2024 at 11:00 AM Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>
wrote:
> Hello Sadeq,
>
> On 2024-Nov-11, Sadeq Dousti wrote:
>
> > I would like editor access to the wiki, my username is *msdousti* and I
> > would like to modify the Count Estimate page (
> > https://wiki.postgresql.org/wiki/Count_estimate)
> > At the moment, it uses the string concatenation operator ||, which is
> > susceptible to SQL injection.
>
> Cool. You're an editor now.
>
> > I'd like to mention that, starting 9.1, the FORMAT function accepts %L, and
> > add a query that uses %L to perform EXPLAIN (FORMAT JSON).
>
> Sounds good. If you can also modify the page to remove the <source> tag
> and replace it with <syntaxhighlighting> while at it, it'd be great.
> I'd even suggest to add a [[Category:Snippets]] line while at it, so
> that this page shows up in the snippets index page.
>
> --
> Álvaro Herrera Breisgau, Deutschland —
> https://www.EnterpriseDB.com/
>
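
The %L versus %s behaviour described in the message above, as an added example that is not part of the email or of the wiki page; the function names `count_estimate_query` and `count_estimate_eq` are hypothetical. It goes one step beyond the message by showing a fixed-shape variant in which %I and %L do apply, because only an identifier and a value are interpolated.

```sql
-- Added example; function names are hypothetical, not from the wiki page.
-- format() specifiers: %s inserts text verbatim, %I quotes an identifier,
-- %L quotes a string literal.

-- With %L the whole statement is wrapped in single quotes, so EXPLAIN is
-- handed a string literal instead of a statement and fails to parse.
SELECT format('EXPLAIN (FORMAT JSON) %L', 'SELECT * FROM pg_class');

-- With %s the text is spliced in verbatim: EXPLAIN parses, and anything
-- else the caller puts in the string reaches EXECUTE as SQL too.
SELECT format('EXPLAIN (FORMAT JSON) %s', 'SELECT * FROM pg_class');

-- Whole-statement variant: %s is unavoidable, so treat the argument as code.
-- It runs with the caller's rights (SECURITY INVOKER is the default);
-- keep it that way and pass only trusted query text.
CREATE FUNCTION count_estimate_query(query text) RETURNS bigint
LANGUAGE plpgsql AS $$
DECLARE
    plan json;
BEGIN
    EXECUTE format('EXPLAIN (FORMAT JSON) %s', query) INTO plan;
    RETURN (plan->0->'Plan'->>'Plan Rows')::bigint;
END;
$$;

-- Narrower variant: the statement shape is fixed in the function and only
-- an identifier and a value are interpolated, each with its own quoting.
-- regclass validates the table name and prints it already quoted, so %s is
-- safe for tbl; %I quotes the column name and %L the comparison value.
CREATE FUNCTION count_estimate_eq(tbl regclass, col name, val text)
RETURNS bigint
LANGUAGE plpgsql AS $$
DECLARE
    plan json;
BEGIN
    EXECUTE format(
        'EXPLAIN (FORMAT JSON) SELECT * FROM %s WHERE %I = %L',
        tbl, col, val
    ) INTO plan;
    RETURN (plan->0->'Plan'->>'Plan Rows')::bigint;
END;
$$;

-- Usage with a catalog table that exists in every database.
SELECT count_estimate_eq('pg_class', 'relkind', 'r');
```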