From: | Daniele Varrazzo <daniele(dot)varrazzo(at)gmail(dot)com> |
---|---|
To: | Maxim Avanov <maxim(dot)avanov(at)gmail(dot)com> |
Cc: | Oswaldo <listas(at)soft-com(dot)es>, psycopg(at)postgresql(dot)org |
Subject: | Re: Negative Integers Escaping |
Date: | 2011-05-27 23:45:16 |
Message-ID: | BANLkTim1BsjvYQ+DTqqaHWvXKXgm44Nfsw@mail.gmail.com |
Lists: | psycopg |
On Fri, May 27, 2011 at 8:03 PM, Maxim Avanov <maxim(dot)avanov(at)gmail(dot)com> wrote:
> Hi, Oswaldo. Thanks for the reply.
>> It is a good rule to always put spaces between operators
>
> I agree. It's a good rule but it's neither in SQL nor in Postgres syntax
> rules. And psycopg should guarantee a valid escaping of parameters according
> to all possible and valid syntax rules.

There's plenty of space for creating pathological commands. Do you
want another one?

"select * from blah limit%s"

I think in general sticking characters in front of placeholders you
don't know how they will get filled is not a robust way to write your sql
string.

I'm -1 about complicating the escaping of simple values just to
accommodate artificial problems: fixing this one IMO wouldn't justify
the potential problems of backward incompatibilities that may arise.

-- Daniele
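
The point made in the message above, as an added example that is not part of the original e-mail and is not psycopg code: a small check that flags `%s` placeholders glued to the preceding character. The stand-in `render_ints` models plain text substitution of integers rather than psycopg's actual adaptation, and the `select 1-%s` template and all function names are constructed for illustration.

```python
import re

# Added illustration: models plain text substitution of integers,
# not psycopg's real adaptation code. All names are hypothetical.
TOKEN = re.compile(r"%%|%s")      # "%%" is a literal percent sign
SAFE_BEFORE = set(" \t\n(,")      # characters allowed right before %s


def render_ints(template, params):
    """Substitute integer parameters into the template as bare decimals."""
    it = iter(params)
    def sub(m):
        return "%" if m.group() == "%%" else str(int(next(it)))
    return TOKEN.sub(sub, template)


def glued_placeholders(template):
    """Return (offset, previous_char) for every %s glued to a prior token."""
    return [
        (m.start(), template[m.start() - 1])
        for m in TOKEN.finditer(template)
        if m.group() == "%s" and m.start() > 0
        and template[m.start() - 1] not in SAFE_BEFORE
    ]


def has_line_comment(sql):
    """True if '--' occurs outside single-quoted string literals."""
    in_string = False
    for i, ch in enumerate(sql):
        if ch == "'":
            in_string = not in_string
        elif not in_string and sql.startswith("--", i):
            return True
    return False


# Constructed sample templates; the first is the one quoted in the message.
SAMPLES = [
    ("select * from blah limit%s", (10,)),
    ("select * from blah limit %s", (10,)),
    ("select 1-%s", (-1,)),
    ("select 1 - %s", (-1,)),
]

if __name__ == "__main__":
    for template, params in SAMPLES:
        sql = render_ints(template, params)
        print(repr(template), "->", repr(sql),
              "| glued:", glued_placeholders(template),
              "| comment:", has_line_comment(sql))
```

Running `glued_placeholders` over query templates in a code base is a cheap review aid: any hit is a place where the rendered SQL depends on what value fills the placeholder.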