Skip site navigation (1) Skip section navigation (2)

Re: Cross-datatype Comparisons and Indexes

From: "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Bruno Wolff III <bruno(at)wolff(dot)to>,"Thomas F(dot)O'Connell" <tfo(at)sitening(dot)com>, pgsql-general(at)postgresql(dot)org
Subject: Re: Cross-datatype Comparisons and Indexes
Date: 2004-08-20 21:27:59
Message-ID: 41266CDF.4000701@commandprompt.com (view raw or flat)
Thread:
Lists: pgsql-general
> 
> 
> I can think of at least three workarounds in 7.4:
> 
> 1. Always quote your constants:
> 
> 	... WHERE bigintcol = '42';

You can also

  	WHERE bigintcol = 42::bigint

Sincerely,

Joshua D. Drake



> 
> 2. Use a prepared statement:
> 
> 	PREPARE foo(bigint) AS ... WHERE bigintcol = $1;
> 
> 	EXECUTE foo(42);
> 
> 3. Use parameterized statements in extended-query mode (essentially the
>    same idea as #2, but at the protocol level).  This doesn't help for
>    pure SQL scripts, but is very workable when coding against libpq or
>    JDBC.  Among other things it gets you out of worrying about SQL
>    injection attacks when your parameter values come from untrusted
>    sources.
> 
> 			regards, tom lane
> 
> ---------------------------(end of broadcast)---------------------------
> TIP 8: explain analyze is your friend


-- 
Command Prompt, Inc., home of Mammoth PostgreSQL - S/ODBC and S/JDBC
Postgresql support, programming shared hosting and dedicated hosting.
+1-503-667-4564 - jd(at)commandprompt(dot)com - http://www.commandprompt.com
Mammoth PostgreSQL Replicator. Integrated Replication for PostgreSQL

Attachment: jd.vcf
Description: text/x-vcard (640 bytes)

In response to

pgsql-general by date

Next:From: Mike MascariDate: 2004-08-20 22:13:08
Subject: Re: Cross-datatype Comparisons and Indexes
Previous:From: Tom LaneDate: 2004-08-20 21:09:01
Subject: Re: Cross-datatype Comparisons and Indexes

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group