pub fn validate_postgres_identifier(identifier: &str) -> Result<()>
Validate a PostgreSQL identifier (database name, schema name, etc.)
Validates that an identifier follows PostgreSQL naming rules to prevent SQL injection. PostgreSQL identifiers must:
- Be 1-63 characters long
- Start with a letter (a-z, A-Z) or underscore (_)
- Contain only letters, digits (0-9), or underscores
§Arguments
identifier - The identifier to validate (database name, schema name, etc.)
§Returns
Returns Ok(()) if the identifier is valid.
§Errors
Returns an error if the identifier:
- Is empty or whitespace-only
- Exceeds 63 characters
- Starts with an invalid character (digit or special character)
- Contains invalid characters (anything except a-z, A-Z, 0-9, _)
§Security
This function is critical for preventing SQL injection attacks. All database names, schema names, and table names from untrusted sources MUST be validated before use in SQL statements.
§Examples
// Valid identifiers
validate_postgres_identifier("mydb")?;
validate_postgres_identifier("my_database")?;
validate_postgres_identifier("_private_db")?;
// Invalid - will return error
assert!(validate_postgres_identifier("123db").is_err());
assert!(validate_postgres_identifier("my-database").is_err());
assert!(validate_postgres_identifier("db\"; DROP TABLE users; --").is_err());
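The rules listed above written out as an allowlist check and used to build a statement whose name cannot be passed as a bind parameter. This is an added example, not this crate's implementation: `check_identifier`, `IdentError` and `create_schema_sql` are hypothetical names, and `CREATE SCHEMA` is an assumed use case.

```rust
// Added illustration; not the crate's implementation. All names are hypothetical.
const MAX_IDENT_LEN: usize = 63; // limit stated on this page

#[derive(Debug, PartialEq)]
pub enum IdentError {
    Empty,
    TooLong(usize),
    BadStart(char),
    BadChar(char),
}

/// Allowlist check following the rules listed above.
pub fn check_identifier(ident: &str) -> Result<(), IdentError> {
    if ident.trim().is_empty() {
        return Err(IdentError::Empty);
    }
    // Every accepted character is ASCII, so byte length equals character count.
    if ident.len() > MAX_IDENT_LEN {
        return Err(IdentError::TooLong(ident.len()));
    }
    let first = ident.chars().next().unwrap(); // non-empty was checked above
    // is_ascii_alphabetic, not is_alphabetic: the latter admits Unicode letters.
    if !(first.is_ascii_alphabetic() || first == '_') {
        return Err(IdentError::BadStart(first));
    }
    match ident.chars().find(|c| !(c.is_ascii_alphanumeric() || *c == '_')) {
        Some(c) => Err(IdentError::BadChar(c)),
        None => Ok(()),
    }
}

/// Builds a statement where the name cannot be sent as a bind parameter.
pub fn create_schema_sql(schema: &str) -> Result<String, IdentError> {
    check_identifier(schema)?;
    // Quoting is defence in depth; it also keeps reserved words usable as names.
    Ok(format!("CREATE SCHEMA \"{}\"", schema))
}

fn main() {
    for name in ["tenant_42", "42tenant", "tenant-42", "x\"; DROP TABLE users; --", "tablé"] {
        println!("{:?} -> {:?}", name, create_schema_sql(name));
    }
}
```

Quoted identifiers keep their case in PostgreSQL, so a name that passes validation as `MyDb` is created as `MyDb`, not `mydb`; normalise case before validating if callers expect unquoted behaviour.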