[Tile-serving] [openstreetmap/osm2pgsql] not using quoted table name in DROP TABLE (#1552)

Ondrej Pesek notifications at github.com
Thu Aug 12 08:16:39 UTC 2021


## What version of osm2pgsql are you using?

master

## What operating system and PostgreSQL/PostGIS version are you using?

Debian 10

## What is the problem?

Throughout the code (see below), the command `DROP TABLE` is used with the table name unquoted (`DROP TABLE {}` instead of `DROP TABLE \"{}\"`). This could cause a problem when a function is called from within code and the table name contains a character that should be "escaped" (such as `-`).

```
src/table.cpp
95:            "DROP TABLE IF EXISTS {} CASCADE"_format(qual_name));
99:    m_sql_conn->exec("DROP TABLE IF EXISTS {}"_format(qual_tmp_name));
227:        m_sql_conn->exec("DROP TABLE {}"_format(qual_name));

src/middle-pgsql.cpp
89:    db_connection.exec("DROP TABLE IF EXISTS {}"_format(qual_name));
620:                "DROP TABLE IF EXISTS {} CASCADE"_format(qual_name));

src/flex-table.cpp
170:            "DROP TABLE IF EXISTS {} CASCADE"_format(table().full_name()));
175:        "DROP TABLE IF EXISTS {}"_format(table().full_tmp_name()));
249:        m_db_connection->exec("DROP TABLE {}"_format(table().full_name()));
```

## How to fix it?

An obvious fix is to put `\"{}\"` instead of `{}`. I can prepare such a PR, it's easy. But I am not sure it's so easy - couldn't it cause some trouble when the function is called from another place with the table name already in double quotes? Because then the command would be for example `DROP TABLE \"\"my-table\"\"`, right?

https://github.com/openstreetmap/osm2pgsql/issues/1552