| From: | "Thomas Mueller" <thomas(dot)tom(dot)mueller(at)gmail(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Protection from SQL injection |
| Date: | 2008-04-30 15:22:50 |
| Message-ID: | 5f211bd50804300822v1c47c664l42e97f8fa4a4c69e@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
Constants are just convenience: instead of constants, user defined
functions can be used. This already works, however it's a bit verbose:
CREATE FUNCTION STATE_ACTIVE() RETURNS VARCHAR AS
$$ BEGIN RETURN 'active'; END; $$ LANGUAGE PLPGSQL;
Usage is almost the same:
SELECT * FROM USERS WHERE STATE=STATE_ACTIVE();
> therefore arbitrary macro expansion like in those "plenty of languages"
> does not seem like a good idea to me.
This is _not_ macro expansion as in C '#define'. Constants are typed,
as in C++ 'const' and Java 'static final'. The question is only:
should the user explicitly state the data type, or should the data
type be deduced from the value. Both is possible:
CREATE CONSTANT STATE_ACTIVE VALUE 'active';
CREATE CONSTANT STATE_ACTIVE TEXT VALUE 'active';
Regards,
Thomas
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bryce Nesbitt | 2008-04-30 15:36:55 | Re: Proposed patch - psql wraps at window width |
| Previous Message | Tino Wildenhain | 2008-04-30 14:47:56 | Re: Protection from SQL injection |