From: | Oliver Jowett <oliver(at)opencloud(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | "pgsql-jdbc(at)postgresql(dot)org" <pgsql-jdbc(at)postgresql(dot)org> |
Subject: | Re: bytea size limit? |
Date: | 2004-04-12 05:15:35 |
Message-ID: | 407A25F7.9030602@opencloud.com |
Lists: | pgsql-jdbc |

Tom Lane wrote:
> Oliver Jowett <oliver(at)opencloud(dot)com> writes:
>
>>... using the V3 extended query protocol (this requires a number of
>>other driver changes, as at a minimum the driver will need to split up
>>queries that contain multiple statements)
>
>
> This is a bit off the thread topic, but: does the JDBC spec actually
> allow/expect multiple SQL commands in a query? Some people thought that
> the V3 restriction to one command per query string was a Good Thing
> because it helps guard against SQL-injection attacks when an application
> is careless about inserting untrustworthy text into a command string.
> If you don't have a spec requirement to cope with this, then I'd advise
> against adding code to support it.

I don't think there's such a requirement. The JDBC spec is vague, but
Sun's JDBC tutorial says:
===
This code does not end with a DBMS statement terminator, which can vary
from DBMS to DBMS. For example, Oracle uses a semicolon (;) to indicate
the end of a statement, and Sybase uses the word go . The driver you are
using will automatically supply the appropriate statement terminator,
and you will not need to include it in your JDBC code.
===
That said, executing multiple commands in a query seems quite common,
and works ok with the current driver. I'd be reluctant to break existing
apps by forbidding it.
Also, the JDBC spec recommends:
===
Drivers should provide access to every feature implemented by the
underlying data source, including features that extend the JDBC API.
When a feature is not supported, the corresponding methods throw an
SQLException. The intent is for applications using the JDBC API to have
access to the same feature set as native applications.
===
-O
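
The statement splitting that the message above says a V3-based driver would need, as an added example (not code from the pgsql-jdbc driver or from either author). The class name, table names and sample input are constructed; the scanner assumes standard SQL quoting (a doubled quote is an escaped quote) and does not handle backslash escapes, dollar quoting or nested block comments.

```java
import java.util.ArrayList;
import java.util.List;

public class StatementSplitter {
    /** Splits SQL text at semicolons that lie outside quotes and comments. */
    static List<String> split(String sql) {
        List<String> out = new ArrayList<>();
        StringBuilder cur = new StringBuilder();
        int i = 0, n = sql.length();
        while (i < n) {
            char c = sql.charAt(i);
            if (c == '\'' || c == '"') {              // string literal or quoted identifier
                int j = i + 1;
                // a doubled quote ('' or "") is an escaped quote, not the terminator
                while (j < n && (sql.charAt(j) != c || (j + 1 < n && sql.charAt(j + 1) == c))) {
                    j += (sql.charAt(j) == c) ? 2 : 1;
                }
                int end = Math.min(j + 1, n);         // unterminated literal runs to end of text
                cur.append(sql, i, end);
                i = end;
            } else if (sql.startsWith("--", i)) {     // line comment: drop up to the newline
                int j = sql.indexOf('\n', i);
                i = (j < 0) ? n : j;
            } else if (sql.startsWith("/*", i)) {     // block comment: drop through the closing */
                int j = sql.indexOf("*/", i + 2);
                i = (j < 0) ? n : j + 2;
            } else if (c == ';') {                    // top-level terminator ends a statement
                flush(out, cur);
                i++;
            } else {
                cur.append(c);
                i++;
            }
        }
        flush(out, cur);
        return out;
    }

    private static void flush(List<String> out, StringBuilder cur) {
        String s = cur.toString().trim();
        if (!s.isEmpty()) out.add(s);
        cur.setLength(0);
    }

    public static void main(String[] args) {
        String input = "x'; DELETE FROM audit_log; --";  // constructed untrusted value
        String careless = "SELECT * FROM users WHERE name = '" + input + "'";
        System.out.println(split(careless));                     // concatenated text: two statements
        System.out.println(split("SELECT ';' AS s; SELECT 2"));  // semicolon inside a literal is kept
    }
}
```

A driver that sends only single-statement strings over the extended protocol could use the size of the returned list either to issue each statement separately or to refuse the string outright; the second choice is the injection guard Tom Lane describes.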