All,
Well, you should still escape any strings you're getting from a web page so
you can ensure you're not subject to a SQL insert attack, even if you're
expecting integers.
Thanks,
Peter Darley
-----Original Message-----
From: pgsql-performance-owner@postgresql.org
[mailto:pgsql-performance-owner@postgresql.org]On Behalf Of
Pierre-Frédéric Caillaud
Sent: Monday, November 22, 2004 3:06 PM
To: pgsql-performance@postgresql.org
Subject: Re: [PERFORM] Data type to use for primary key
> What is the common approach? Should I use directly the product_code as
> my ID, or use a sequential number for speed? (I did the same for the
> company_id, this is a 'serial' and not the short name of the customer.)
> I just don't know what is usually done.
Use a serial :
- you can change product_code for a product easily
- you can pass integers around more easily, in web forms for instance;
you don't have to ask 'should I escape this string?'
- it's faster
- it uses less space
- if one day you must manage products from another source whose
product_code overlaps yours, you won't have problems
- you can generate them with a serial uniquely and easily
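
The point raised in the reply at the top of this message, that a serial id arriving from a web form is still a string, shown as an added example that is not part of the original thread. Python's sqlite3 stands in for PostgreSQL so it runs offline; the product table, its rows and the function names are assumptions made for illustration.

```python
import sqlite3

INT4_MAX = 2**31 - 1  # upper bound of a PostgreSQL 'serial' (int4) column


def make_db():
    # Constructed sample data; sqlite3 is a stand-in for PostgreSQL.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE product (id INTEGER PRIMARY KEY, product_code TEXT)")
    db.executemany("INSERT INTO product VALUES (?, ?)",
                   [(1, "AB-100"), (2, "AB-200"), (3, "ZX-900")])
    return db


def lookup_concatenated(db, form_value):
    # Weak: assumes the form field is an integer and pastes it into the SQL text,
    # so anything after the digits becomes part of the statement.
    sql = "SELECT id, product_code FROM product WHERE id = " + form_value
    return db.execute(sql).fetchall()


def parse_id(form_value):
    # Form fields always arrive as strings: accept ASCII decimal digits only,
    # then check the value fits the key column's range.
    if not (form_value.isascii() and form_value.isdigit()):
        raise ValueError("id must be a positive integer")
    value = int(form_value)
    if not 1 <= value <= INT4_MAX:
        raise ValueError("id out of range")
    return value


def lookup_bound(db, form_value):
    # Hardened: validate the type, then pass the value as a bound parameter
    # so it is never parsed as SQL.
    sql = "SELECT id, product_code FROM product WHERE id = ?"
    return db.execute(sql, (parse_id(form_value),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "2 OR 1=1"  # constructed form input that is not an integer
    print("concatenated:", lookup_concatenated(db, crafted))  # every row
    print("bound, valid id:", lookup_bound(db, "2"))
    try:
        lookup_bound(db, crafted)
    except ValueError as exc:
        print("bound, crafted input rejected:", exc)
```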