Re: PostgreSQL Indexing versus MySQL - Mailing list pgsql-general

From Lincoln Yeoh
Subject Re: PostgreSQL Indexing versus MySQL
Date
Msg-id 5.2.1.1.1.20040219022122.0277da80@mbox.jaring.my
In response to Re: PostgreSQL Indexing versus MySQL  ("scott.marlowe" <scott.marlowe@ihs.com>)
List pgsql-general
At 10:35 AM 2/18/2004 -0700, scott.marlowe wrote:
>It works, I just like writing things in the most self documenting manner
>possible, since one day somebody else may look at:
>
>select * from test where id='456'
>
>and go, "hey, that's just an int, no need for the quotes" and take them
>out not knowing what they do.  cast(456 as int8) is pretty obvious, '456'
>is much more subtle.

Well whenever I see:

select * from test where id=$var

I think "possible SQL injection".

I'd rather see bind variables be used or something similar, and when you
use those, the quotes are automatic.

With your method if the table is altered to int4 or something else, it
won't use the index (unless a postgresql dev adds stuff).

'456'::int8 seems to work too. But I suppose that's a Postgresql-ism.
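
The contrast drawn in the message above, as an added example that is not part of the original post: the same lookup built by pasting `$var` into the SQL text and by using a bind variable. It assumes Python's built-in `sqlite3` as a stand-in for PostgreSQL so it runs offline; the table contents, index name, function names and the sample input are constructed.

```python
import sqlite3

def make_db():
    # Constructed sample data; table "test" and column "id" follow the thread.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE test (id INTEGER NOT NULL, note TEXT)")
    db.execute("CREATE INDEX test_id_idx ON test (id)")
    db.executemany("INSERT INTO test VALUES (?, ?)",
                   [(123, "alice"), (456, "bob"), (789, "carol")])
    return db

def lookup_interpolated(db, var):
    # "select * from test where id=$var": the value becomes part of the
    # statement text, so the SQL parser interprets whatever the caller sent.
    sql = f"select * from test where id={var}"
    return db.execute(sql).fetchall()

def lookup_bound(db, var):
    # Bind variable: the statement text is fixed and the value travels
    # separately, so it can only ever be compared as a single value.
    # The driver handles quoting; the column's type decides the comparison.
    return db.execute("select * from test where id=?", (var,)).fetchall()

def lookup_validated(db, var):
    # Optional extra layer: reject non-integers before the query is issued,
    # so bad input surfaces as an error instead of an empty result.
    return lookup_bound(db, int(var))

if __name__ == "__main__":
    db = make_db()
    tainted = "456 OR 1=1"  # constructed untrusted input
    print("interpolated:", lookup_interpolated(db, tainted))  # filter bypassed
    print("bound:       ", lookup_bound(db, tainted))         # no match
    print("bound '456': ", lookup_bound(db, "456"))           # one row
    try:
        lookup_validated(db, tainted)
    except ValueError as exc:
        print("validated:    rejected:", exc)
```
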





