Re: Should CSV parsing be stricter about mid-field quotes?
On Sat, May 20, 2023 at 09:16:30AM +0200, Joel Jacobson wrote: > On Fri, May 19, 2023, at 18:06, Daniel Verite wrote: > > COPY FROM file CSV somewhat differs as your example shows, > > but it still mishandle \. when unquoted. For instance, consider this > > file to load with COPY t FROM '/tmp/t.csv' WITH CSV > > $ cat /tmp/t.csv > > line 1 > > \. > > line 3 > > line 4 > > > > It results in having only "line 1" being imported. > > Hmm, this is a problem for one of the new use-cases I brought up that would be > possible with DELIMITER NONE QUOTE NONE, i.e. to import unstructured log > files, > where each raw line should be imported "as is" into a single text column. > > Is there a valid reason why \. is needed for COPY FROM filename? No. > It seems to me it would only be necessary for the COPY FROM STDIN case, > since files have a natural end-of-file and a known file size. Right. Even for COPY FROM STDIN, it's not needed anymore since the removal of protocol v2. psql would still use it to find the end of inline COPY data, though. Here's another relevant thread: https://postgr.es/m/flat/bfcd57e4-8f23-4c3e-a5db-2571d09208e2%40beta.fastmail.com
Re: Should CSV parsing be stricter about mid-field quotes?
Kirk Wolak wrote: > We do NOT do "CSV", we mimic pg_dump. pg_dump uses the text format (as opposed to csv), where \. on a line by itself cannot appear in the data, so there's no problem. The problem is limited to the csv format. Best regards, -- Daniel Vérité https://postgresql.verite.pro/ Twitter: @DanielVerite
Re: Should CSV parsing be stricter about mid-field quotes?
On Mon, May 22, 2023 at 12:13 PM Daniel Verite wrote: > Joel Jacobson wrote: > > > Is there a valid reason why \. is needed for COPY FROM filename? > > It seems to me it would only be necessary for the COPY FROM STDIN case, > > since files have a natural end-of-file and a known file size. > > Looking at CopyReadLineText() over at [1], I don't see a reason why > the unquoted \. could not be handled with COPY FROM file. > Even COPY FROM STDIN looks like it could be benefit, so that > \copy from file csv would hopefully not choke or truncate the data. > There's still the case when the CSV data is embedded in a psql script > (psql is unable to know where it ends), but for that, "don't do that" > might be a reasonable answer. > Don't have what looks like a pg_dump script? We specifically create such SQL files with embedded data. Depending on the circumstances, we either confirm that indexes dropped and triggers are disabled... [Or we create a dynamic name, and insert it into a queue table for later processing], and then we COPY the data, ending in \. We do NOT do "CSV", we mimic pg_dump. Now, if you are talking about only impacting a fixed data file format... Sure. But impacting how psql processes these \i included files... (that could hurt)
Re: Should CSV parsing be stricter about mid-field quotes?
Joel Jacobson wrote: > Is there a valid reason why \. is needed for COPY FROM filename? > It seems to me it would only be necessary for the COPY FROM STDIN case, > since files have a natural end-of-file and a known file size. Looking at CopyReadLineText() over at [1], I don't see a reason why the unquoted \. could not be handled with COPY FROM file. Even COPY FROM STDIN looks like it could be benefit, so that \copy from file csv would hopefully not choke or truncate the data. There's still the case when the CSV data is embedded in a psql script (psql is unable to know where it ends), but for that, "don't do that" might be a reasonable answer. [1] https://doxygen.postgresql.org/copyfromparse_8c.html#a90201f711221dd82d0c08deedd91e1b3 Best regards, -- Daniel Vérité https://postgresql.verite.pro/ Twitter: @DanielVerite
Re: Should CSV parsing be stricter about mid-field quotes?
On Fri, May 19, 2023, at 18:06, Daniel Verite wrote: > COPY FROM file CSV somewhat differs as your example shows, > but it still mishandle \. when unquoted. For instance, consider this > file to load with COPYt FROM '/tmp/t.csv' WITH CSV > $ cat /tmp/t.csv > line 1 > \. > line 3 > line 4 > > It results in having only "line 1" being imported. Hmm, this is a problem for one of the new use-cases I brought up that would be possible with DELIMITER NONE QUOTE NONE, i.e. to import unstructured log files, where each raw line should be imported "as is" into a single text column. Is there a valid reason why \. is needed for COPY FROM filename? It seems to me it would only be necessary for the COPY FROM STDIN case, since files have a natural end-of-file and a known file size. /Joel
Re: Should CSV parsing be stricter about mid-field quotes?
Joel Jacobson wrote: > I understand its necessity for STDIN, given that the end of input needs to > be explicitly defined. > However, for files, we have a known file size and the end-of-file can be > detected without the need for special markers. > > Also, is the difference in how server-side COPY CSV is capable of dealing > with \. but apparently not the client-side \COPY CSV documented somewhere? psql implements the client-side "\copy table from file..." with COPY table FROM STDIN ... COPY FROM file CSV somewhat differs as your example shows, but it still mishandle \. when unquoted. For instance, consider this file to load with COPY t FROM '/tmp/t.csv' WITH CSV $ cat /tmp/t.csv line 1 \. line 3 line 4 It results in having only "line 1" being imported. Best regards, -- Daniel Vérité https://postgresql.verite.pro/ Twitter: @DanielVerite
Re: Should CSV parsing be stricter about mid-field quotes?
On Thu, May 18, 2023, at 18:48, Daniel Verite wrote:
> Joel Jacobson wrote:
>> OTOH, one would then need to inspect the TSV file doesn't contain \. on an
>> empty line...
>
> Note that this is the case for valid CSV contents, since backslash-dot
> on a line by itself is both an end-of-data marker for COPY FROM and a
> valid CSV line.
> Having this line in the data results in either an error or having the
> rest of the data silently discarded, depending on the context. There
> is some previous discussion about this in [1].
> Since the TEXT format doesn't have this kind of problem, one solution
> is to filter the data through PROGRAM with an [untrusted CSV]->TEXT
> filter. This is to be preferred over direct CSV loading when
> strictness or robustness are more important than convenience.
>
>
> [1]
> https://www.postgresql.org/message-id/10e3eff6-eb04-4b3f-aeb4-b920192b9...@manitou-mail.org
Thanks for sharing the old thread, very useful.
I see I've failed miserably to understand all the details of the COPY command.
Upon reading the thread, I'm still puzzled about one thing:
Why does \. need to have a special meaning when using COPY FROM with files?
I understand its necessity for STDIN, given that the end of input needs to be
explicitly defined.
However, for files, we have a known file size and the end-of-file can be
detected without the need for special markers.
Also, is the difference in how server-side COPY CSV is capable of dealing
with \. but apparently not the client-side \COPY CSV documented somewhere?
CREATE TABLE t (c text);
INSERT INTO t (c) VALUES ('foo'), (E'\n\\.\n'), ('bar');
-- Works OK:
COPY t TO '/tmp/t.csv' WITH CSV;
TRUNCATE t;
COPY t FROM '/tmp/t.csv' WITH CSV;
-- Doesn't work:
\COPY t TO '/tmp/t.csv' WITH CSV;
TRUNCATE t;
\COPY t FROM '/tmp/t.csv' WITH CSV;
ERROR: unterminated CSV quoted field
CONTEXT: COPY t, line 4: ""
\.
"
/Joel
Re: Should CSV parsing be stricter about mid-field quotes?
Joel Jacobson wrote: > I've been using that trick myself many times in the past, but thanks to this > deep-dive into this topic, it looks to me like TEXT would be a better format > fit when dealing with unquoted TSV files, or? > > OTOH, one would then need to inspect the TSV file doesn't contain \. on an > empty line... Note that this is the case for valid CSV contents, since backslash-dot on a line by itself is both an end-of-data marker for COPY FROM and a valid CSV line. Having this line in the data results in either an error or having the rest of the data silently discarded, depending on the context. There is some previous discussion about this in [1]. Since the TEXT format doesn't have this kind of problem, one solution is to filter the data through PROGRAM with an [untrusted CSV]->TEXT filter. This is to be preferred over direct CSV loading when strictness or robustness are more important than convenience. [1] https://www.postgresql.org/message-id/10e3eff6-eb04-4b3f-aeb4-b920192b9...@manitou-mail.org Best regards, -- Daniel Vérité https://postgresql.verite.pro/ Twitter: @DanielVerite
Re: Should CSV parsing be stricter about mid-field quotes?
On 2023-05-18 Th 02:19, Joel Jacobson wrote: On Thu, May 18, 2023, at 08:00, Joel Jacobson wrote: > 1. How about adding a `WITHOUT QUOTE` or `QUOTE NONE` option in conjunction > with `COPY ... WITH CSV`? More ideas: [ QUOTE 'quote_character' | UNQUOTED ] or [ QUOTE 'quote_character' | NO_QUOTE ] Thinking about it, I recall another hack; specifying a non-existing char as the delimiter to force the entire line into a single column table. For that use-case, we could also provide an option that would internally set: delimc = '\0'; How about: [DELIMITER 'delimiter_character' | UNDELIMITED ] or [DELIMITER 'delimiter_character' | NO_DELIMITER ] or it should be more use-case-based and intuitive: [DELIMITER 'delimiter_character' | WHOLE_LINE_AS_RECORD ] QUOTE NONE and DELIMITER NONE should work fine. NONE is already a keyword, so the disturbance should be minimal. cheers andrew -- Andrew Dunstan EDB:https://www.enterprisedb.com
Re: Should CSV parsing be stricter about mid-field quotes?
On Thu, May 18, 2023, at 08:35, Pavel Stehule wrote:
> Maybe there is another third implementation in Libre Office.
>
> Generally TSV is not well specified, and then the implementations are not
> consistent.
Thanks Pavel, that was a very interesting case indeed:
Libre Office (tested on Mac) doesn't have a separate TSV format,
but its CSV format allows specifying custom "Field delimiter" and
"String delimiter".
How peculiar, in Libre Office, when trying to write double quotation marks
(using Shift+2 on my keyboard) you actually don't get the normal double
quotation marks, but some special type of Unicode-quoting,
e2 80 9c ("LEFT DOUBLE QUOTATION MARK") and
e2 80 9d ("RIGHT DOUBLE QUOTATION MARK"),
and in the .CSV file you get the normal double quotation marks as
"String delimiter":
a,b,c,d,e
unquoted,“this field is quoted”,this “word” is quoted,"field with ,
comma",field with tab
So, my "this field is quoted" experiment was exported unquoted since their
quotation marks don't need to be quoted.
Re: Should CSV parsing be stricter about mid-field quotes?
čt 18. 5. 2023 v 8:01 odesílatel Joel Jacobson napsal: > On Thu, May 18, 2023, at 00:18, Kirk Wolak wrote: > > Here you go. Not horrible handling. (I use DataGrip so I saved it from > there > > directly as TSV, just for an extra datapoint). > > > > FWIW, if you copy/paste in windows, the data, the field with the tab gets > > split into another column in Excel. But saving it as a file, and opening > it. > > Saving it as XLSX, and then having Excel save it as a TSV (versus > opening a > > text file, and saving it back) > > Very useful, thanks. > > Interesting, DataGrip contrary to Excel doesn't quote fields with commas > in TSV. > All the DataGrip/Excel TSV variants uses quoting when necessary, > contrary to Google Sheets's TSV-format, that doesn't quote fields at all. > Maybe there is another third implementation in Libre Office. Generally TSV is not well specified, and then the implementations are not consistent. > > DataGrip/Excel terminate also the last record with newline, > while Google Sheets omit the newline for the last record, > (which is bad, since then a streaming reader wouldn't know > if the last record is completed or not.) > > This makes me think we probably shouldn't add a new TSV format, > since there is no consistency between vendors. > It's impossible to deduce with certainty if a TSV-field that > begins with a double quotation mark is quoted or unquoted. > > Two alternative ideas: > > 1. How about adding a `WITHOUT QUOTE` or `QUOTE NONE` option in conjunction > with `COPY ... WITH CSV`? > > Internally, it would just set > > quotec = '\0';` > > so it would't affect performance at all. > > 2. How about adding a note on the complexities of dealing with TSV files > in the > COPY documentation? > > /Joel > >
Re: Should CSV parsing be stricter about mid-field quotes?
On Thu, May 18, 2023, at 08:00, Joel Jacobson wrote: > 1. How about adding a `WITHOUT QUOTE` or `QUOTE NONE` option in conjunction > with `COPY ... WITH CSV`? More ideas: [ QUOTE 'quote_character' | UNQUOTED ] or [ QUOTE 'quote_character' | NO_QUOTE ] Thinking about it, I recall another hack; specifying a non-existing char as the delimiter to force the entire line into a single column table. For that use-case, we could also provide an option that would internally set: delimc = '\0'; How about: [DELIMITER 'delimiter_character' | UNDELIMITED ] or [DELIMITER 'delimiter_character' | NO_DELIMITER ] or it should be more use-case-based and intuitive: [DELIMITER 'delimiter_character' | WHOLE_LINE_AS_RECORD ] /Joel
Re: Should CSV parsing be stricter about mid-field quotes?
On Thu, May 18, 2023, at 00:18, Kirk Wolak wrote: > Here you go. Not horrible handling. (I use DataGrip so I saved it from there > directly as TSV, just for an extra datapoint). > > FWIW, if you copy/paste in windows, the data, the field with the tab gets > split into another column in Excel. But saving it as a file, and opening it. > Saving it as XLSX, and then having Excel save it as a TSV (versus opening a > text file, and saving it back) Very useful, thanks. Interesting, DataGrip contrary to Excel doesn't quote fields with commas in TSV. All the DataGrip/Excel TSV variants uses quoting when necessary, contrary to Google Sheets's TSV-format, that doesn't quote fields at all. DataGrip/Excel terminate also the last record with newline, while Google Sheets omit the newline for the last record, (which is bad, since then a streaming reader wouldn't know if the last record is completed or not.) This makes me think we probably shouldn't add a new TSV format, since there is no consistency between vendors. It's impossible to deduce with certainty if a TSV-field that begins with a double quotation mark is quoted or unquoted. Two alternative ideas: 1. How about adding a `WITHOUT QUOTE` or `QUOTE NONE` option in conjunction with `COPY ... WITH CSV`? Internally, it would just set quotec = '\0';` so it would't affect performance at all. 2. How about adding a note on the complexities of dealing with TSV files in the COPY documentation? /Joel
Re: Should CSV parsing be stricter about mid-field quotes?
On Wed, May 17, 2023 at 5:47 PM Joel Jacobson wrote:
> On Wed, May 17, 2023, at 19:42, Andrew Dunstan wrote:
> > You can use CSV mode pretty reliably for TSV files. The trick is to use a
> > quoting char that shouldn't appear, such as E'\x01' as well as setting
> the
> > delimiter to E'\t'. Yes, it's far from obvious.
>
> I've been using that trick myself many times in the past, but thanks to
> this
> deep-dive into this topic, it looks to me like TEXT would be a better
> format
> fit when dealing with unquoted TSV files, or?
>
> OTOH, one would then need to inspect the TSV file doesn't contain \. on an
> empty
> line...
>
> I was about to suggest we perhaps should consider adding a TSV format, that
> is like TEXT excluding the PostgreSQL specific things like \. and \N,
> but then I tested exporting TSV from Numbers on Mac and Google Sheets,
> and I can see there are incompatible differences. Numbers quote fields
> that contain double-quote marks, while Google Sheets doesn't.
> None of them (unsurpringly) uses midfield quoting though.
>
> Anyone using Excel that could try exporting the following example as
> CSV/TSV?
>
> CREATE TABLE t (a text, b text, c text, d text);
> INSERT INTO t (a, b, c, d)
> VALUES ('unquoted','a "quoted" string', 'field, with a comma', E'field\t
> with a tab');
>
>
Here you go. Not horrible handling. (I use DataGrip so I saved it from
there directly as TSV,
just for an extra datapoint).
FWIW, if you copy/paste in windows, the data, the field with the tab gets
split into another column in Excel.
But saving it as a file, and opening it.
Saving it as XLSX, and then having Excel save it as a TSV (versus opening a
text file, and saving it back)
Kirk...
a b c d
unquoted"a ""quoted"" string" "field, with a comma" "field with a
tab"
a,b,c,d
unquoted,"a ""quoted"" string","field, with a comma","field with a tab"
a b c d
unquoted"a ""quoted"" string" "field, with a comma" "field with a
tab"
t_test_DataGrip.tsv
Description: Binary data
Re: Should CSV parsing be stricter about mid-field quotes?
On Wed, May 17, 2023, at 19:42, Andrew Dunstan wrote:
> You can use CSV mode pretty reliably for TSV files. The trick is to use a
> quoting char that shouldn't appear, such as E'\x01' as well as setting the
> delimiter to E'\t'. Yes, it's far from obvious.
I've been using that trick myself many times in the past, but thanks to this
deep-dive into this topic, it looks to me like TEXT would be a better format
fit when dealing with unquoted TSV files, or?
OTOH, one would then need to inspect the TSV file doesn't contain \. on an empty
line...
I was about to suggest we perhaps should consider adding a TSV format, that
is like TEXT excluding the PostgreSQL specific things like \. and \N,
but then I tested exporting TSV from Numbers on Mac and Google Sheets,
and I can see there are incompatible differences. Numbers quote fields
that contain double-quote marks, while Google Sheets doesn't.
None of them (unsurpringly) uses midfield quoting though.
Anyone using Excel that could try exporting the following example as CSV/TSV?
CREATE TABLE t (a text, b text, c text, d text);
INSERT INTO t (a, b, c, d)
VALUES ('unquoted','a "quoted" string', 'field, with a comma', E'field\t with a
tab');
I agree with you that it's unwise to change something that's been working
great for such a long time, and I agree CSV-files are probably not a problem
per se, but I think you will agree with me TSV-files is a different story,
from a user-friendliness and correctness perspective. Sure, we could just say
"Don't use TSV! Use CSV instead!" in the docs, that would be an improvement
I think, but there is currently nothing on "TSV" in the docs, so users will
google and find all these broken dangerous suggestions on work-arounds.
Thoughts?
/Joel
Re: Should CSV parsing be stricter about mid-field quotes?
On 2023-05-16 Tu 13:15, Joel Jacobson wrote: On Tue, May 16, 2023, at 13:43, Joel Jacobson wrote: >If we made midfield quoting a CSV error, those users who are currently mistaken >about their TSV/TEXT files being CSV while also having balanced quotes in their >data, would encounter an error rather than a silent failure, which I believe >would be an enhancement. Furthermore, I think it could be beneficial to add a HINT message for all type of CSV/TEXT parsing errors, since the precise ERROR messages might just cause the user to tinker with the options until it works, instead of carefully reading through the documentation on the various formats. Perhaps something like this: HINT: Are you sure the FORMAT matches your input? Also, the COPY documentation says nothing about TSV, and I know TEXT isn't exactly TSV, but it's at least much more TSV than CSV, so maybe we should describe the differences, such as \N. I think the best advise to users would be to avoid exporting to .TSV and use .CSV instead, since I've noticed e.g. Google Sheets to replace newlines in fields with blank space when exporting .TSV, which effectively destroys data. The first search results for "postgresql tsv" on Google link to postgresql.org pages, but the COPY docs are not one of them unfortunately. The first relevant hit is this one: "Importing a TSV File into Postgres | by Riley Wong" [1] Sadly, this author has also misunderstood how to properly import a .TSV file, he got it all wrong, and doesn't understand or at least doesn't mention there are more differences than just the delimiter: COPY listings FROM '/home/ec2-user/list.tsv' DELIMITER E'\t' CSV HEADER; I must confess I have used PostgreSQL for over two decades without having really understood the detailed differences between TEXT and CSV, until recently. [1] https://medium.com/@rlwong2/importing-a-tsv-file-into-postgres-364572a004bf You can use CSV mode pretty reliably for TSV files. The trick is to use a quoting char that shouldn't appear, such as E'\x01' as well as setting the delimiter to E'\t'. Yes, it's far from obvious. cheers andrew -- Andrew Dunstan EDB:https://www.enterprisedb.com
Re: Should CSV parsing be stricter about mid-field quotes?
On Tue, May 16, 2023, at 13:43, Joel Jacobson wrote: >If we made midfield quoting a CSV error, those users who are currently mistaken >about their TSV/TEXT files being CSV while also having balanced quotes in their >data, would encounter an error rather than a silent failure, which I believe >would be an enhancement. Furthermore, I think it could be beneficial to add a HINT message for all type of CSV/TEXT parsing errors, since the precise ERROR messages might just cause the user to tinker with the options until it works, instead of carefully reading through the documentation on the various formats. Perhaps something like this: HINT: Are you sure the FORMAT matches your input? Also, the COPY documentation says nothing about TSV, and I know TEXT isn't exactly TSV, but it's at least much more TSV than CSV, so maybe we should describe the differences, such as \N. I think the best advise to users would be to avoid exporting to .TSV and use .CSV instead, since I've noticed e.g. Google Sheets to replace newlines in fields with blank space when exporting .TSV, which effectively destroys data. The first search results for "postgresql tsv" on Google link to postgresql.org pages, but the COPY docs are not one of them unfortunately. The first relevant hit is this one: "Importing a TSV File into Postgres | by Riley Wong" [1] Sadly, this author has also misunderstood how to properly import a .TSV file, he got it all wrong, and doesn't understand or at least doesn't mention there are more differences than just the delimiter: COPY listings FROM '/home/ec2-user/list.tsv' DELIMITER E'\t' CSV HEADER; I must confess I have used PostgreSQL for over two decades without having really understood the detailed differences between TEXT and CSV, until recently. [1] https://medium.com/@rlwong2/importing-a-tsv-file-into-postgres-364572a004bf
Re: Should CSV parsing be stricter about mid-field quotes?
On Sun, May 14, 2023, at 16:58, Andrew Dunstan wrote: > And if people do follow the method you describe then their input with > unescaped quotes will be rejected 999 times out of 1000. It's only cases where > the field happens to have an even number of embedded quotes, like Joel's > somewhat contrived example, that the input will be accepted. I concur with Andrew that my previous example might've been somewhat contrived, as it deliberately included two instances of the term "inches". It's a matter of time before someone submits a review featuring an odd number of "inches", leading to an error. Having done some additional digging, I stumbled upon three instances [1] [2] [3] where users have misidentified their TSV/TEXT files as CSV. In these situations, users have been shielded from failure due to an imbalance in quotes. However, in cases where a field is utilized to store text in which the double quotation mark is rarely used to denote inches, but instead, for quotation and/or HTML attributes, it's quite feasible that a large amount of user-generated text could contain balanced quotes. Even more concerning is the potential for cases where the vast majority of inputs may not even contain double quotation marks at all. This would effectively render the issue invisible, even upon manual data inspection. Here's a problem scenario that I believe is plausible: 1. The user wishes to import a .TXT file into PostgreSQL. 2. The user examines the .TXT file and observes column headers separated by a delimiter like TAB or semicolon, with subsequent rows of data also separated by the same delimiter. 3. The user is familiar with "CSV" (412M hits on Google) but not "TSV" (48M hits on Google), leading to a false assumption that their file is in CSV format. 4. A Google search for "import csv into postgresql" leads the user to a tutorial titled "Import CSV File Into PostgreSQL Table". An example found therein: COPY persons(first_name, last_name, dob, email) FROM 'C:\sampledb\persons.csv' DELIMITER ',' CSV HEADER; 5. The user, now confident, believes they understand how to import their "CSV" file. 6. In contrast to the "ERROR: unterminated CSV quoted field" examples below, this user's .TXT file contains fields with balanced midfield quote-marks: blog_posts.txt: id message 1 This is a bold statement 7. The user copies the COPY command from the tutorial and modifies the file path and delimiter accordingly. The user then concludes that the code is functioning as expected and proceeds to deploy it. 8, Weeks later, users complain about broken links in their blog posts. Upon inspection of the blog_posts table, the user identifies an issue: SELECT * FROM blog_posts; id | message + 1 | This is a bold statement 2 | Check http://example.com/?param1=Midfield quoting>this out (2 rows) One of the users has used balanced quotes for the href attribute, which was imported successfully but the quotes were stripped, contrary to the intention of preserving them. Content of blog_posts.txt: id message 1 This is a bold statement 2 Check http://example.com/?param1=Midfield quoting">this out If we made midfield quoting a CSV error, those users who are currently mistaken about their TSV/TEXT files being CSV while also having balanced quotes in their data, would encounter an error rather than a silent failure, which I believe would be an enhancement. /Joel [1] https://www.postgresql.org/message-id/1upfg19cru2jigbm553fugj5k6iebtd...@4ax.com [2] https://stackoverflow.com/questions/44108286/unterminated-csv-quoted-field-in-postgres [3] https://dba.stackexchange.com/questions/306662/unterminated-csv-quoted-field-when-to-import-csv-data-file-into-postgresql
Re: Should CSV parsing be stricter about mid-field quotes?
On 2023-05-13 Sa 23:11, Greg Stark wrote:
On Sat, 13 May 2023 at 09:46, Tom Lane wrote:
Andrew Dunstan writes:
I could see an argument for a STRICT mode which would disallow partially
quoted fields, although I'd like some evidence that we're dealing with a
real problem here. Is there really a CSV producer that produces output
like that you showed in your example? And if so has anyone objected to
them about the insanity of that?
I think you'd want not just "some evidence" but "compelling evidence".
Any such option is going to add cycles into the low-level input parser
for COPY, which we know is a hot spot and we've expended plenty of
sweat on. Adding a speed penalty that will be paid by the 99.99%
of users who don't have an issue here is going to be a hard sell.
Well I'm not sure that follows. Joel specifically claimed that an
implementation that didn't accept inputs like this would actually be
simpler and that might mean it would actually be faster.
And I don't think you have to look very hard for inputs like this --
plenty of people generate CSV files from simple templates or script
outputs that don't understand escaping quotation marks at all. Outputs
like that will be fine as long as there's no doublequotes in the
inputs but then one day someone will enter a doublequote in a form
somewhere and blammo.
The procedure described is plain wrong, and I don't have too much
sympathy for people who implement it. Parsing CSV files might be a mild
PITN, but constructing them is pretty darn simple. Something like this
perl fragment should do it:
do {
s/"/""/g;
$_ = qq{"$_"} if /[",\r\n]/;
} foreach @fields;
print join(',',@fields),"\n";
And if people do follow the method you describe then their input with
unescaped quotes will be rejected 999 times out of 1000. It's only cases
where the field happens to have an even number of embedded quotes, like
Joel's somewhat contrived example, that the input will be accepted.
So I guess the real question is whether accepting inputs with
unescapted quotes and interpreting them the way we do is really the
best interpretation. Is the user best served by a) assuming they
intended to quote part of the field and not quote part of it b) assume
they failed to escape the quotation mark or c) assume something's gone
wrong and the input is entirely untrustworthy.
As I said earlier, I'm quite reluctant to break things that might have
been working happily for people for many years, in order to accommodate
people who can't do the minimum required to produce correct CSVs. I have
no idea how many are relying on it, but I would be slightly surprised if
the number were zero.
cheers
andrew
--
Andrew Dunstan
EDB:https://www.enterprisedb.com
Re: Should CSV parsing be stricter about mid-field quotes?
On Sat, 13 May 2023 at 09:46, Tom Lane wrote: > > Andrew Dunstan writes: > > I could see an argument for a STRICT mode which would disallow partially > > quoted fields, although I'd like some evidence that we're dealing with a > > real problem here. Is there really a CSV producer that produces output > > like that you showed in your example? And if so has anyone objected to > > them about the insanity of that? > > I think you'd want not just "some evidence" but "compelling evidence". > Any such option is going to add cycles into the low-level input parser > for COPY, which we know is a hot spot and we've expended plenty of > sweat on. Adding a speed penalty that will be paid by the 99.99% > of users who don't have an issue here is going to be a hard sell. Well I'm not sure that follows. Joel specifically claimed that an implementation that didn't accept inputs like this would actually be simpler and that might mean it would actually be faster. And I don't think you have to look very hard for inputs like this -- plenty of people generate CSV files from simple templates or script outputs that don't understand escaping quotation marks at all. Outputs like that will be fine as long as there's no doublequotes in the inputs but then one day someone will enter a doublequote in a form somewhere and blammo. So I guess the real question is whether accepting inputs with unescapted quotes and interpreting them the way we do is really the best interpretation. Is the user best served by a) assuming they intended to quote part of the field and not quote part of it b) assume they failed to escape the quotation mark or c) assume something's gone wrong and the input is entirely untrustworthy. -- greg
Re: Should CSV parsing be stricter about mid-field quotes?
Andrew Dunstan writes: > I could see an argument for a STRICT mode which would disallow partially > quoted fields, although I'd like some evidence that we're dealing with a > real problem here. Is there really a CSV producer that produces output > like that you showed in your example? And if so has anyone objected to > them about the insanity of that? I think you'd want not just "some evidence" but "compelling evidence". Any such option is going to add cycles into the low-level input parser for COPY, which we know is a hot spot and we've expended plenty of sweat on. Adding a speed penalty that will be paid by the 99.99% of users who don't have an issue here is going to be a hard sell. regards, tom lane
Re: Should CSV parsing be stricter about mid-field quotes?
On 2023-05-13 Sa 04:20, Joel Jacobson wrote: On Fri, May 12, 2023, at 21:57, Andrew Dunstan wrote: Maybe this is unexpected by you, but it's not by me. What other sane interpretation of that data could there be? And what CSV producer outputs such horrible content? As you've noted, ours certainly does not. Our rules are clear: quotes within quotes must be escaped (default escape is by doubling the quote char). Allowing partial fields to be quoted was a deliberate decision when CSV parsing was implemented, because examples have been seen in the wild. So I don't think our behaviour is broken or needs fixing. As mentioned by Greg, this is an example of the adage about being liberal in what you accept. I understand your position, and your points are indeed in line with the traditional "Robustness Principle" (aka "Postel's Law") [1] from 1980, which suggests "be conservative in what you send, be liberal in what you accept." However, I'd like to offer a different perspective that might be worth considering. A 2021 IETF draft, "The Harmful Consequences of the Robustness Principle" [2], argues that the flexibility advocated by Postel's Law can lead to problems such as unclear specifications and a multitude of varying implementations. Features that initially seem helpful can unexpectedly turn into bugs, resulting in unanticipated consequences and data integrity risks. Based on the feedback from you and others, I'd like to revise my earlier proposal. Rather than adding an option to preserve the existing behavior, I now think it's better to simply report an error in such cases. This approach offers several benefits: it simplifies the CSV parser, reduces the risk of misinterpreting data due to malformed input, and prevents the all-too-familiar situation where users blindly apply an error hint without understanding the consequences. Finally, I acknowledge that we can't foresee the number of CSV producers that produce mid-field quoting, and this change may cause compatibility issues for some users. However, I consider this an acceptable tradeoff. Users encountering the error would receive a clear message explaining that mid-field quoting is not allowed and that they should change their CSV producer's settings to escape quotes by doubling the quote character. Importantly, this change guarantees that previously parsed data won't be misinterpreted, as it only enforces stricter parsing rules. [1] https://datatracker.ietf.org/doc/html/rfc761#section-2.10 [2] https://www.ietf.org/archive/id/draft-iab-protocol-maintenance-05.html I'm pretty reluctant to change something that's been working as designed for almost 20 years, and about which we have hitherto had zero complaints that I recall. I could see an argument for a STRICT mode which would disallow partially quoted fields, although I'd like some evidence that we're dealing with a real problem here. Is there really a CSV producer that produces output like that you showed in your example? And if so has anyone objected to them about the insanity of that? cheers andrew -- Andrew Dunstan EDB:https://www.enterprisedb.com
Re: Should CSV parsing be stricter about mid-field quotes?
On Fri, May 12, 2023, at 21:57, Andrew Dunstan wrote: > Maybe this is unexpected by you, but it's not by me. What other sane > interpretation of that data could there be? And what CSV producer outputs > such horrible content? As you've noted, ours certainly does not. Our rules > are clear: quotes within quotes must be escaped (default escape is by > doubling the quote char). Allowing partial fields to be quoted was a > deliberate decision when CSV parsing was implemented, because examples have > been seen in the wild. > > So I don't think our behaviour is broken or needs fixing. As mentioned by > Greg, this is an example of the adage about being liberal in what you accept. > I understand your position, and your points are indeed in line with the traditional "Robustness Principle" (aka "Postel's Law") [1] from 1980, which suggests "be conservative in what you send, be liberal in what you accept." However, I'd like to offer a different perspective that might be worth considering. A 2021 IETF draft, "The Harmful Consequences of the Robustness Principle" [2], argues that the flexibility advocated by Postel's Law can lead to problems such as unclear specifications and a multitude of varying implementations. Features that initially seem helpful can unexpectedly turn into bugs, resulting in unanticipated consequences and data integrity risks. Based on the feedback from you and others, I'd like to revise my earlier proposal. Rather than adding an option to preserve the existing behavior, I now think it's better to simply report an error in such cases. This approach offers several benefits: it simplifies the CSV parser, reduces the risk of misinterpreting data due to malformed input, and prevents the all-too-familiar situation where users blindly apply an error hint without understanding the consequences. Finally, I acknowledge that we can't foresee the number of CSV producers that produce mid-field quoting, and this change may cause compatibility issues for some users. However, I consider this an acceptable tradeoff. Users encountering the error would receive a clear message explaining that mid-field quoting is not allowed and that they should change their CSV producer's settings to escape quotes by doubling the quote character. Importantly, this change guarantees that previously parsed data won't be misinterpreted, as it only enforces stricter parsing rules. [1] https://datatracker.ietf.org/doc/html/rfc761#section-2.10 [2] https://www.ietf.org/archive/id/draft-iab-protocol-maintenance-05.html /Joel
Re: Should CSV parsing be stricter about mid-field quotes?
On 2023-05-11 Th 10:03, Joel Jacobson wrote: Hi hackers, I've come across an unexpected behavior in our CSV parser that I'd like to bring up for discussion. % cat example.csv id,rating,review 1,5,"Great product, will buy again." 2,3,"I bought this for my 6" laptop but it didn't fit my 8" tablet" % psql CREATE TABLE reviews (id int, rating int, review text); \COPY reviews FROM example.csv WITH CSV HEADER; SELECT * FROM reviews; This gives: id | rating | review ++- 1 | 5 | Great product, will buy again. 2 | 3 | I bought this for my 6 laptop but it didn't fit my 8 tablet (2 rows) Maybe this is unexpected by you, but it's not by me. What other sane interpretation of that data could there be? And what CSV producer outputs such horrible content? As you've noted, ours certainly does not. Our rules are clear: quotes within quotes must be escaped (default escape is by doubling the quote char). Allowing partial fields to be quoted was a deliberate decision when CSV parsing was implemented, because examples have been seen in the wild. So I don't think our behaviour is broken or needs fixing. As mentioned by Greg, this is an example of the adage about being liberal in what you accept. cheers andrew -- Andrew Dunstan EDB:https://www.enterprisedb.com
Re: Should CSV parsing be stricter about mid-field quotes?
On Thu, 11 May 2023 at 10:04, Joel Jacobson wrote: > > The parser currently accepts quoting within an unquoted field. This can lead > to > data misinterpretation when the quote is part of the field data (e.g., > for inches, like in the example). I think you're thinking about it differently than the parser. I think the parser is treating this the way, say, the shell treats quotes. That is, it sees a quoted "I bought this for my 6" followed by an unquoted "a laptop but it didn't fit my 8" followed by a quoted " tablet". So for example, in that world you might only quote commas and newlines so you might print something like 1,2,I bought this for my "6"" laptop " but it "didn't" fit my "8""" laptop The actual CSV spec https://datatracker.ietf.org/doc/html/rfc4180 only allows fully quoted or fully unquoted fields and there can only be escaped double-doublequote characters in quoted fields and no doublequote characters in unquoted fields. But it also says Due to lack of a single specification, there are considerable differences among implementations. Implementors should "be conservative in what you do, be liberal in what you accept from others" (RFC 793 [8]) when processing CSV files. An attempt at a common definition can be found in Section 2. So the real question is are there tools out there that generate entries like this and what are their intentions? > I think we should throw a parsing error for unescaped mid-field quotes, > and add a COPY option like ALLOW_MIDFIELD_QUOTES for cases where mid-field > quotes are necessary. The error message could suggest this option when it > encounters an unescaped mid-field quote. > > I think the convenience of not having to use an extra option doesn't outweigh > the risk of undetected data integrity issues. It's also a pretty annoying experience to get a message saying "error, turn this option on to not get an error". I get what you're saying too, which is more of a risk depends on whether turning off the error is really the right thing most of the time or is just causing data to be read incorrectly. -- greg
Re: Should CSV parsing be stricter about mid-field quotes?
čt 11. 5. 2023 v 16:04 odesílatel Joel Jacobson napsal: > Hi hackers, > > I've come across an unexpected behavior in our CSV parser that I'd like to > bring up for discussion. > > % cat example.csv > id,rating,review > 1,5,"Great product, will buy again." > 2,3,"I bought this for my 6" laptop but it didn't fit my 8" tablet" > > % psql > CREATE TABLE reviews (id int, rating int, review text); > \COPY reviews FROM example.csv WITH CSV HEADER; > SELECT * FROM reviews; > > This gives: > > id | rating | review > ++- > 1 | 5 | Great product, will buy again. > 2 | 3 | I bought this for my 6 laptop but it didn't fit my 8 tablet > (2 rows) > > The parser currently accepts quoting within an unquoted field. This can > lead to > data misinterpretation when the quote is part of the field data (e.g., > for inches, like in the example). > > Our CSV output rules quote an entire field or not at all. But the import of > fields with mid-field quotes might lead to surprising and undetected > outcomes. > > I think we should throw a parsing error for unescaped mid-field quotes, > and add a COPY option like ALLOW_MIDFIELD_QUOTES for cases where mid-field > quotes are necessary. The error message could suggest this option when it > encounters an unescaped mid-field quote. > > I think the convenience of not having to use an extra option doesn't > outweigh > the risk of undetected data integrity issues. > > Thoughts? > +1 Pavel > /Joel > >
Should CSV parsing be stricter about mid-field quotes?
Hi hackers, I've come across an unexpected behavior in our CSV parser that I'd like to bring up for discussion. % cat example.csv id,rating,review 1,5,"Great product, will buy again." 2,3,"I bought this for my 6" laptop but it didn't fit my 8" tablet" % psql CREATE TABLE reviews (id int, rating int, review text); \COPY reviews FROM example.csv WITH CSV HEADER; SELECT * FROM reviews; This gives: id | rating | review ++- 1 | 5 | Great product, will buy again. 2 | 3 | I bought this for my 6 laptop but it didn't fit my 8 tablet (2 rows) The parser currently accepts quoting within an unquoted field. This can lead to data misinterpretation when the quote is part of the field data (e.g., for inches, like in the example). Our CSV output rules quote an entire field or not at all. But the import of fields with mid-field quotes might lead to surprising and undetected outcomes. I think we should throw a parsing error for unescaped mid-field quotes, and add a COPY option like ALLOW_MIDFIELD_QUOTES for cases where mid-field quotes are necessary. The error message could suggest this option when it encounters an unescaped mid-field quote. I think the convenience of not having to use an extra option doesn't outweigh the risk of undetected data integrity issues. Thoughts? /Joel
