Thread: Protection from SQL injection
View Single Post

   
  #13 (permalink)  
Old 04-29-2008, 08:31 PM
Tino Wildenhain
 
Posts: n/a
Default Re: Protection from SQL injection
Hi,

> In C the best practice is to use #define for constants. In C++ you
> have 'const', in Java 'static final'. Unfortunately the 'named
> constant' concept doesn't exist in SQL. I think that's a mistake. I
> suggest to support CREATE CONSTANT ... VALUE ... and DROP CONSTANT
> ..., example: CREATE CONSTANT STATE_ACTIVE VALUE 'active'.

of course you mean:

CREATE CONSTANT state_active TEXT VALUE 'active'; ?

interesting idea, would that mean PG complaints on queries

SELECT state_active FROM sometable ... because
state_active is already defined as constant?

What about local session variables? Usefull as well...

I think this is really a big effort :-)

Greets
Tino

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Reply With Quote