From: | Jan Wieck <jan(at)wi3ck(dot)info> |
---|---|
To: | Joel Jacobson <joel(at)trustly(dot)com>, Craig Ringer <craig(at)2ndquadrant(dot)com> |
Cc: | Andres Freund <andres(at)2ndquadrant(dot)com>, Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>, Pg Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: PL/pgSQL 2 |
Date: | 2014-09-02 21:32:20 |
Message-ID: | 54063764.70805@wi3ck.info |
Lists: | pgsql-hackers |
On 09/01/2014 10:41 AM, Joel Jacobson wrote:
> On Mon, Sep 1, 2014 at 4:26 PM, Craig Ringer <craig(at)2ndquadrant(dot)com> wrote:
>> Well, the idiom:
>>
>> EXECUTE format("SELECT %I FROM %I WHERE $1", col, tbl) USING val;
>>
>> is not lovely. It works, but it's clumsy.
>
> This is exactly why we need a new language.
> All the clumsy stuff we cannot fix in plpgsql, can easily be fixed in
> plpgsql2, with the most beautiful syntax we can come up with.

You know that you're running into problems with the SPI subsystem on
that one, no?

Identifiers cannot be parameters in SPI_prepare(). So how do you propose
to make that "pretty" and "performant"?

Because the moment your "pretty" language is out there, be sure users
will kick your behind that whenever they use that "pretty" stuff on
anything but a toy setup, it spirals their servers into a DoS attack state.

Regards,
Jan
--
Jan Wieck
Senior Software Engineer
http://slony.info
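
The idiom discussed in this message, written out as a runnable PL/pgSQL function. This is an added example, not code from the thread; the `accounts` table and the `lookup` function are constructed for illustration. It shows identifiers spliced into the statement text with `%I` while the value is bound through `USING`:

```sql
-- Constructed sample table (not from the thread).
CREATE TEMP TABLE accounts (id int PRIMARY KEY, owner text);
INSERT INTO accounts VALUES (1, 'alice'), (2, 'bob');

-- Hypothetical helper: tbl and col are identifiers, val is a data value.
CREATE FUNCTION pg_temp.lookup(tbl text, col text, val int)
RETURNS text
LANGUAGE plpgsql AS $$
DECLARE
    result text;
BEGIN
    -- %I quotes each identifier into the statement text, because the
    -- prepare step accepts parameters only for values, never identifiers.
    -- $1 stays a real bind parameter and is supplied by USING.
    -- The string is built and planned again on every call: statements
    -- run through EXECUTE do not get a cached plan.
    EXECUTE format('SELECT %I::text FROM %I WHERE id = $1', col, tbl)
       INTO result
      USING val;
    RETURN result;
END
$$;

-- Normal use: column and table names arrive as text.
SELECT pg_temp.lookup('accounts', 'owner', 2);

-- A hostile "column name" is quoted as one single identifier, so the
-- statement fails on an unknown column rather than executing the
-- injected text.
SELECT pg_temp.lookup('accounts', 'owner FROM accounts; DROP TABLE accounts; --', 2);
```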