Re: InitPostgres and flatfiles question

Tom Lane wrote:
> Bruce Momjian <bruce(at)momjian(dot)us> writes:
> > Tom Lane wrote:
> >> Markus Schiltknecht <markus(at)bluegap(dot)ch> writes:
> >>> Is there a good reason to not let psql -c behave exactly like psql from
> >>> STDIN?
> >>
> >> Backwards compatibility, mostly --- there seems to be a considerable
> >> risk of subtly breaking people's scripts if we change the transactional
> >> boundaries for psql -c commands.
>
> > True, but if we keep hitting people who don't expect this behavior, I
> > wonder if we should just fix it and mention it in the release notes.
>
> One other point is that if we change -c's behavior, there won't be
> *any* way to submit multiple queries in a single PQexec using plain
> psql --- it will require hacking up a special test program using
> libpq directly. Unless we have plans to obsolete
> multi-queries-per-PQexec altogether, this doesn't seem like a good idea.

What value is allowing multiple queies via PQexec() via psql, aside from
avoiding BEGIN/END around your -c query string?

> OTOH, you could argue that forbidding multiple queries in one PQexec
> isn't a bad idea; it would provide an additional defense against
> SQL-injection attacks. We did that already in the "extended" query
> protocol and I've not heard many complaints.
>
> I'd be willing to buy into doing both together, perhaps.

True.

--
Bruce Momjian bruce(at)momjian(dot)us
EnterpriseDB http://www.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +