Skip site navigation (1) Skip section navigation (2)

Re: By Passed Domain Constraints

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Robert Perry <rlperry(at)lodestonetechnologies(dot)com>
Cc: pgsql-interfaces(at)postgresql(dot)org, pgsql-hackers(at)postgresql(dot)org
Subject: Re: By Passed Domain Constraints
Date: 2005-07-06 16:05:58
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackerspgsql-interfaces
Robert Perry <rlperry(at)lodestonetechnologies(dot)com> writes:
>      I have also been bitten by the problem you are describing. But,  
> that one is a problem even when called from psql if I am not  
> mistaken.  Does psql not use pqlib?  Perhaps it is something about  
> PQexecParams that is the problem.  I will test in a little while.

[ thinks about it... ]  If you've declared the function input parameter
as a domain type and then write a parameterized query like
	... function($1) ...
and don't specify any particular datatype for the parameter symbol,
I think the backend will infer the domain type as the parameter type.
Which would also allow bypassing the domain checks.

You could work around this by explicitly specifying the parameter
type as text or varchar or whatever the domain's base type is.
I wonder though if we oughtn't change the backend so that the inferred
type of a parameter symbol is never a domain, but the domain's base
type.  That would force the proper application of CoerceToDomain inside
the constructed query parsetree.

			regards, tom lane

In response to


pgsql-hackers by date

Next:From: Neil ConwayDate: 2005-07-06 16:10:08
Subject: Re: User's exception plpgsql
Previous:From: Tom LaneDate: 2005-07-06 15:56:01
Subject: Re: User's exception plpgsql

pgsql-interfaces by date

Next:From: Tom LaneDate: 2005-07-06 16:59:47
Subject: Re: libpq and connection failures
Previous:From: Robert PerryDate: 2005-07-06 15:43:06
Subject: Re: By Passed Domain Constraints

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group