Re: proof concept: do statement parametrization

From: Florian Pflug <fgp(at)phlo(dot)org>
To: Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>
Cc: PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: proof concept: do statement parametrization
Date: 2010-07-04 11:36:25
Message-ID: 0ADF1340-148F-4ADB-82F2-EE9867507E8D@phlo.org
Lists: pgsql-hackers
On Jul4, 2010, at 11:59 , Pavel Stehule wrote:
> 2010/7/4 Florian Pflug <fgp(at)phlo(dot)org>:
>> On Jul4, 2010, at 08:41 , Pavel Stehule wrote:
>>> I enhanced the DO statement syntax to allow parameters. The syntax is
>>> relatively simple:
>>> 
>>> do ([varname] vartype := value, ...) $$ ... $$
>> 
>> I think it'd be more useful to put the values at the very end of the statement, not somewhere in the middle. For positional parameters I envision
>> 
>> do (vartype, ...) $$ ... $$ using value, ...
>> 
>> and for named parameters it'd be
>> 
>> do (varname vartype) $$ ... $$ using varname := value, ...

> Your syntax is longer and less readable (my personal view). With the
> proposed syntax it is ensured that every parameter has a value. Next -
> my syntax reflects the fact that these are not true parameters - it's
> +/- similar to default values of function parameters.

Yeah, with your syntax omitting a value is syntactically invalid, while with mine it'd parse OK and fail later on. But I fail to see the drawback of that. I do agree that my suggestion is slightly more verbose, but I think that's compensated by the increase in usefulness.

> I understand your motivation - but you can use a printf command and
> do the same work.

Sure. But by the very same argument, printf makes DO-block parameters redundant as a whole.

> or better and safer - use psql variables (it is the preferred solution)

I don't really buy that argument. By using a psql variable, you simply move the quoting & escaping business from SQL to the shell where psql is called. True, you avoid SQL injection, but in turn you make yourself vulnerable to shell injection.

best regards,
Florian Pflug
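
The shell-side quoting issue raised in the last paragraph above, as an added example that is not part of the original message: the same untrusted value handed to a psql variable through a re-parsed command string and through a single quoted argument. The `show_argv` stand-in, the `run_unsafe`/`run_safe` functions, the variable name `name` and the sample value are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration. PSQL defaults to a stand-in that prints its argv, so the
# script runs without a server; set PSQL=psql to try it against a real database.

show_argv() {
    # Stand-in for psql: print each received argument on its own line.
    for arg in "$@"; do printf 'arg=[%s]\n' "$arg"; done
}
PSQL=${PSQL:-show_argv}

# Constructed untrusted input containing a shell metacharacter.
UNTRUSTED='x; echo INJECTED'

run_unsafe() {
    # Weak: the value is pasted into a command string that a shell parses
    # again (eval here; system(), sh -c and ssh command strings behave alike).
    # Everything after the ';' becomes a second command.
    eval "$PSQL -v name=$1"
}

run_safe() {
    # Hardened: the value travels as one quoted argv element and is never
    # re-parsed by a shell. The SQL arrives on stdin because psql does not
    # interpolate variables in -c strings; :'name' makes psql emit the value
    # as a properly quoted SQL literal.
    "$PSQL" -v "name=$1" <<'SQL'
SELECT :'name' AS supplied_value;
SQL
}

echo '--- unsafe (command string re-parsed by the shell) ---'
run_unsafe "$UNTRUSTED"
echo '--- safe (single argv element, SQL on stdin) ---'
run_safe "$UNTRUSTED"
```

In the unsafe run the stand-in receives only `name=x` and the shell executes the remainder as its own command; in the safe run the whole value arrives as one argument.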

