-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>> - Explicitly prevent any parsing of statements for placeholders
>> unless they begin with "SELECT", "INSERT", "UPDATE", or "DELETE"
>> Suggested by (and fixes) CPAN bug #13608 [GSM]
> Thanks for doing all of this. I will give it a whirl. Just a quick
> question on the point directly above: does this imply that explain and
> explain analyze are excluded from placeholder parsing? I don't personally
> use them programmatically, but I think that particularly for count(*) types
> of queries or receiving estimates of the number of returned tuples without
> executing the query, people could potentially use explain select.... Pardon
> my laziness for not looking at the code for my own answers.
Excellent question. There obviously needs to be a way around this, as your
explain scenario points out. I have another parameter "pg_client_prepare" waiting
in the wings for just such an occasion. The question becomes, do we make parsing
the default, and break lots of future apps that start using the "dollar-quoting"
feature, or do we make the default to only parse DML statements, possibly breaking
lots of older apps? I'm leaning heavily towards the latter, not least of which
is because the backend's PREPARE only accepts DML as well, but welcome any
discussion on the subject. A third (and probably best) option is to make the parser
inside of DBD::Pg recognize dollar-quoting. I'll play around with that one some
more.
- --
Greg Sabino Mullane greg@turnstep.com
PGP Key: 0x14964AC8 200509141424
https://www.biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8
-----BEGIN PGP SIGNATURE-----
iD8DBQFDKLeWvJuQZxSWSsgRAriGAJsG5AML1mv8qYGvaFYqQ1VYohaicgCgsHkN
gqzxS8R7GNH6NsF1kyBGfr0=
=GWQc
-----END PGP SIGNATURE-----
