| From: | Vik Fearing <vik(at)2ndquadrant(dot)fr> |
|---|---|
| To: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, David Fetter <david(at)fetter(dot)org>, PostgreSQL Development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: PoC: Make it possible to disallow WHERE-less UPDATE and DELETE |
| Date: | 2016-07-27 01:24:28 |
| Message-ID: | da86dc6b-1fa9-2a34-1da1-fe37906c8a3a@2ndquadrant.fr |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 27/07/16 03:15, Peter Eisentraut wrote:
> On 7/26/16 6:14 PM, Vik Fearing wrote:
>> As mentioned elsewhere in the thread, you can just do WHERE true to get
>> around it, so why on Earth have it PGC_SUSET?
>
> I'm not sure whether it's supposed to guard against typos and possibly
> buggy SQL string concatenation in application code. So it would help
> against accidental mistakes, whereas putting a WHERE TRUE in there would
> be an intentional override.
If buggy SQL string concatenation in application code is your argument,
quite a lot of them add "WHERE true" so that they can just append a
bunch of "AND ..." clauses without worrying if it's the first (or last,
whatever), so I'm not sure this is protecting anything.
--
Vik Fearing +33 6 46 75 15 36
http://2ndQuadrant.fr PostgreSQL : Expertise, Formation et Support
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2016-07-27 01:25:33 | Re: to_date_valid() |
| Previous Message | Peter Eisentraut | 2016-07-27 01:15:33 | Re: PoC: Make it possible to disallow WHERE-less UPDATE and DELETE |