postgresql syntax error, can not install nextcloud [resolved]

[jerome-diver]

nextcloud verison 10.0.0-1

go inside:
lib/private/Setup/PostgreSQL.php
then change at line 146:
CREATEDB WITH PASSWORD
by
WITH CREATEDB PASSWORD

then error syntax 7 for SQL request is now fixed.

Also, the way to pass variable to Database is unsafe and full open to SQL injection attacks. it is a serious secure problem. you should improve this code by use PDO API for postgresql and function for "bind" variables.
Also, this addslashes() is not good.
actually, nextcloud is unsafe.

having fun.

[rullzer]

PR with fix in #1268

[LukasReschke]

Also, the way to pass variable to Database is unsafe and full open to SQL injection attacks. it is a serious secure problem. you should improve this code by use PDO API for postgresql and function for "bind" variables.
Also, this addslashes() is not good.
actually, nextcloud is unsafe.

Note that this is only the installer. We do use prepared statements within the general code. That said, if somebody can access the installer you have bigger problems. (since they could just install Nextcloud and execute arbitrary PHP code as admin then)