Re: Cross-datatype Comparisons and Indexes - Mailing list pgsql-general

From Joshua D. Drake
Subject Re: Cross-datatype Comparisons and Indexes
Date
Msg-id 41266CDF.4000701@commandprompt.com
Whole thread Raw
In response to Re: Cross-datatype Comparisons and Indexes  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-general
>
>
> I can think of at least three workarounds in 7.4:
>
> 1. Always quote your constants:
>
>     ... WHERE bigintcol = '42';

You can also

      WHERE bigintcol = 42::bigint

Sincerely,

Joshua D. Drake



>
> 2. Use a prepared statement:
>
>     PREPARE foo(bigint) AS ... WHERE bigintcol = $1;
>
>     EXECUTE foo(42);
>
> 3. Use parameterized statements in extended-query mode (essentially the
>    same idea as #2, but at the protocol level).  This doesn't help for
>    pure SQL scripts, but is very workable when coding against libpq or
>    JDBC.  Among other things it gets you out of worrying about SQL
>    injection attacks when your parameter values come from untrusted
>    sources.
>
>             regards, tom lane
>
> ---------------------------(end of broadcast)---------------------------
> TIP 8: explain analyze is your friend


--
Command Prompt, Inc., home of Mammoth PostgreSQL - S/ODBC and S/JDBC
Postgresql support, programming shared hosting and dedicated hosting.
+1-503-667-4564 - jd@commandprompt.com - http://www.commandprompt.com
Mammoth PostgreSQL Replicator. Integrated Replication for PostgreSQL

Attachment

pgsql-general by date:

Previous
From: Tom Lane
Date:
Subject: Re: Cross-datatype Comparisons and Indexes
Next
From: Mike Mascari
Date:
Subject: Re: Cross-datatype Comparisons and Indexes