Skip site navigation (1) Skip section navigation (2)

Re: Protection from SQL injection

From: Tino Wildenhain <tino(at)wildenhain(dot)de>
To: Thomas Mueller <thomas(dot)tom(dot)mueller(at)gmail(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Protection from SQL injection
Date: 2008-04-29 14:35:41
Message-ID: 4817323D.8070700@wildenhain.de (view raw or flat)
Thread:
Lists: pgsql-hackers
Hi,

> In C the best practice is to use #define for constants. In C++ you
> have 'const', in Java 'static final'. Unfortunately the 'named
> constant' concept doesn't exist in SQL. I think that's a mistake. I
> suggest to support CREATE CONSTANT ... VALUE ... and DROP CONSTANT
> ..., example: CREATE CONSTANT STATE_ACTIVE VALUE 'active'.

of course you mean:

CREATE CONSTANT state_active TEXT VALUE 'active'; ? ;)

interesting idea, would that mean PG complaints on queries

SELECT state_active FROM sometable ... because
state_active is already defined as constant?

What about local session variables? Usefull as well...

I think this is really a big effort :-)

Greets
Tino

In response to

Responses

pgsql-hackers by date

Next:From: Tom LaneDate: 2008-04-29 14:58:17
Subject: Re: Protection from SQL injection
Previous:From: Tom LaneDate: 2008-04-29 14:22:34
Subject: Re: SRF in SFRM_ValuePerCall mode

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group