Re: Invalid SQL still executes valid sub transactions - Mailing list pgsql-jdbc

From Tom Lane
Subject Re: Invalid SQL still executes valid sub transactions
Date
Msg-id 201.1074269186@sss.pgh.pa.us
In response to Re: Invalid SQL still executes valid sub transactions  (Csaba Nagy <nagy@ecircle-ag.com>)
Responses Re: Invalid SQL still executes valid sub transactions
List pgsql-jdbc
Csaba Nagy <nagy@ecircle-ag.com> writes:
> The JDBC driver should not do any parsing of the SQL code in the first
> place. That's the job of the server, so only the server can tell it's an
> invalid statement.
> And the server will interpret it as 3 different statements, treating
> them independently, and 2 of them will be invalid, and one will execute
> correctly...

But if the three statements are sent as a single query string, a failure
in any one will cause all three to be rolled back.  The complaint
suggests to me that JDBC *is* parsing the code, at least to the extent
of separating the statements.  Probably it should not.

Now, the real answer to the security aspect of this is "you should be
more careful about quoting strings from untrusted sources".  (Parameters
are just one way to do that.)  But I am curious to understand what
exactly JDBC is doing with a multi-statement query string.

            regards, tom lane
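
The three behaviours discussed in this message, modelled as an added example that is not part of the original post and is not JDBC or PostgreSQL code. Python's built-in sqlite3 stands in for the server; the table, the input string and all helper functions are constructed for illustration, and the semicolon splitter is a hypothetical model of a client that separates statements itself.

```python
import sqlite3

# Constructed untrusted input. Concatenated into the query below it yields three
# statements: a valid SELECT, a valid DELETE and an invalid trailing fragment.
UNTRUSTED = "x'; DELETE FROM users; '"

def fresh_db():
    # isolation_level=None: autocommit, transactions are opened explicitly
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.execute("CREATE TABLE users (name TEXT)")
    db.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    return db

def count(db):
    return db.execute("SELECT count(*) FROM users").fetchone()[0]

def build_query(name):
    # Unsafe: untrusted text becomes part of the SQL itself
    return "SELECT * FROM users WHERE name = '" + name + "'"

def pieces(sql):
    # Hypothetical client-side splitter (naive: ignores quoting rules)
    return [s for s in sql.split(";") if s.strip()]

def run_split(db, sql):
    """Each piece sent on its own: a failure leaves earlier pieces committed."""
    errors = 0
    for stmt in pieces(sql):
        try:
            db.execute(stmt)
        except sqlite3.Error:
            errors += 1
    return errors

def run_as_unit(db, sql):
    """Whole string treated as one unit: any failure rolls everything back."""
    db.execute("BEGIN")
    try:
        for stmt in pieces(sql):
            db.execute(stmt)
        db.execute("COMMIT")
        return True
    except sqlite3.Error:
        db.execute("ROLLBACK")
        return False

def run_bound(db, name):
    """Bound parameter: the input is only ever a value, never SQL text."""
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()
```

Only `run_split` leaves the table changed after an error; `run_as_unit` undoes the valid middle statement, and `run_bound` never produces a second statement at all.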
