Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Header And Logo
|
Site Navigation
Re: Protection from SQL injection
- From: "Thomas Mueller" <thomas(dot)tom(dot)mueller(at)gmail(dot)com>
- To: pgsql-hackers(at)postgresql(dot)org
- Subject: Re: Protection from SQL injection
- Date: Wed, 30 Apr 2008 17:22:50 +0200
- Message-id: <5f211bd50804300822v1c47c664l42e97f8fa4a4c69e(at)mail(dot)gmail(dot)com>
Hi, Constants are just convenience: instead of constants, user defined functions can be used. This already works, however it's a bit verbose: CREATE FUNCTION STATE_ACTIVE() RETURNS VARCHAR AS $$ BEGIN RETURN 'active'; END; $$ LANGUAGE PLPGSQL; Usage is almost the same: SELECT * FROM USERS WHERE STATE=STATE_ACTIVE(); > therefore arbitrary macro expansion like in those "plenty of languages" > does not seem like a good idea to me. This is _not_ macro expansion as in C '#define'. Constants are typed, as in C++ 'const' and Java 'static final'. The question is only: should the user explicitly state the data type, or should the data type be deduced from the value. Both is possible: CREATE CONSTANT STATE_ACTIVE VALUE 'active'; CREATE CONSTANT STATE_ACTIVE TEXT VALUE 'active'; Regards, Thomas
- Follow-Ups:
- Re: Protection from SQL injection
- From: Gurjeet Singh
- Re: Protection from SQL injection
- References:
- Protection from SQL injection
- From: Thomas Mueller
- Re: Protection from SQL injection
- From: PFC
- Re: Protection from SQL injection
- From: Brendan Jurd
- Re: Protection from SQL injection
- From: PFC
- Re: Protection from SQL injection
- From: Thomas Mueller
- Re: Protection from SQL injection
- From: Tino Wildenhain
- Re: Protection from SQL injection
- From: Andrew Dunstan
- Re: Protection from SQL injection
- From: Tino Wildenhain
- Protection from SQL injection
- Prev by Date: Re: Protection from SQL injection
- Next by Date: Re: Proposed patch - psql wraps at window width
- Previous by thread: Re: Protection from SQL injection
- Next by thread: Re: Protection from SQL injection
- Indexes: