SQL Injection Vulnerability in Redshift Dialect due to Incorrect String Escaping

### Problem
The Parser and Redshift handle backslashes differently, leading to a vulnerability.
- **Redshift**: `\'` is an escaped quote (String continues).
- **Parser**: `\'` is a backslash + end quote (String ends).

Attackers can use this mismatch to hide malicious SQL columns. The Parser thinks the injected code is just a harmless alias for the first column because it believes the string ended early.

### Example
**Input SQL**:
```sql
SELECT 'Test\' ' X, (select pg_get_userbyid(1)) AS Y--'
```

**Analysis**:
- **Before Fix**: The parser sees **1 Column**. It mistreats `X, (select pg_get_userbyid(1)) AS Y--` as the alias.
- **After Fix**: The parser sees **2 Columns**. It correctly identifies the second column, which can then be blocked by validation logic.

### Proposed Fix
Update [RedshiftDialect.cs](file:///c:/repos/SqlParser-cs/src/SqlParser/Dialects/RedshiftDialect.cs) to enable backslash escaping to match the database behavior:

```csharp
public override bool SupportsStringLiteralBackslashEscape => true;
```


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

SQL Injection Vulnerability in Redshift Dialect due to Incorrect String Escaping #78

Problem

Example

Proposed Fix

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

SQL Injection Vulnerability in Redshift Dialect due to Incorrect String Escaping #78

Description

Problem

Example

Proposed Fix

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions