Home > mailing lists

Re: Protection from SQL injection - Mailing list pgsql-hackers

From	Tino Wildenhain
Subject	Re: Protection from SQL injection
Date	April 29, 2008 14:35:56
Msg-id	4817323D.8070700@wildenhain.de Whole thread Raw
In response to	Re: Protection from SQL injection ("Thomas Mueller" <thomas.tom.mueller@gmail.com>)
Responses	Re: Protection from SQL injection (Andrew Dunstan <andrew@dunslane.net>)
List	pgsql-hackers

Tree view

Hi,

> In C the best practice is to use #define for constants. In C++ you
> have 'const', in Java 'static final'. Unfortunately the 'named
> constant' concept doesn't exist in SQL. I think that's a mistake. I
> suggest to support CREATE CONSTANT ... VALUE ... and DROP CONSTANT
> ..., example: CREATE CONSTANT STATE_ACTIVE VALUE 'active'.

of course you mean:

CREATE CONSTANT state_active TEXT VALUE 'active'; ? ;)

interesting idea, would that mean PG complaints on queries

SELECT state_active FROM sometable ... because
state_active is already defined as constant?

What about local session variables? Usefull as well...

I think this is really a big effort :-)

Greets
Tino

pgsql-hackers by date:

From: Tom Lane
Date: 29 April 2008, 14:23:09
Subject: Re: SRF in SFRM_ValuePerCall mode

From: Tom Lane
Date: 29 April 2008, 14:58:52
Subject: Re: Protection from SQL injection

Re: Protection from SQL injection - Mailing list pgsql-hackers

Previous

Next