From: | "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Bruno Wolff III <bruno(at)wolff(dot)to>, "Thomas F(dot)O'Connell" <tfo(at)sitening(dot)com>, pgsql-general(at)postgresql(dot)org |
Subject: | Re: Cross-datatype Comparisons and Indexes |
Date: | 2004-08-20 21:27:59 |
Message-ID: | 41266CDF.4000701@commandprompt.com |
Lists: | pgsql-general |
>
>
> I can think of at least three workarounds in 7.4:
>
> 1. Always quote your constants:
>
> ... WHERE bigintcol = '42';

You can also

    WHERE bigintcol = 42::bigint

Sincerely,

Joshua D. Drake

>
> 2. Use a prepared statement:
>
> PREPARE foo(bigint) AS ... WHERE bigintcol = $1;
>
> EXECUTE foo(42);
>
> 3. Use parameterized statements in extended-query mode (essentially the
> same idea as #2, but at the protocol level). This doesn't help for
> pure SQL scripts, but is very workable when coding against libpq or
> JDBC. Among other things it gets you out of worrying about SQL
> injection attacks when your parameter values come from untrusted
> sources.
>
> regards, tom lane
--
Command Prompt, Inc., home of Mammoth PostgreSQL - S/ODBC and S/JDBC
Postgresql support, programming shared hosting and dedicated hosting.
+1-503-667-4564 - jd(at)commandprompt(dot)com - http://www.commandprompt.com
Mammoth PostgreSQL Replicator. Integrated Replication for PostgreSQL
Attachment | Content-Type | Size |
---|---|---|
jd.vcf | text/x-vcard | 640 bytes |
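
Workaround 3 from the quoted message, shown at the wire level as an added example (not code from the thread, libpq or JDBC): the Parse message carries the SQL text and declares `$1` as bigint, while the Bind message carries the value separately as data. The table name `t` and the helper names are hypothetical; the message layouts follow the PostgreSQL frontend/backend protocol 3.0, and a real client would also send Execute and Sync.

```python
import struct

INT8_OID = 20  # pg_type OID of bigint (int8)
SQL = "SELECT * FROM t WHERE bigintcol = $1"  # table t is hypothetical

def _cstr(s):
    return s.encode("utf-8") + b"\x00"

def _msg(tag, body):
    # Int32 length counts itself plus the body, but not the tag byte.
    return tag + struct.pack("!i", len(body) + 4) + body

def parse_msg(stmt, sql, param_oids):
    """Parse ('P'): statement name, SQL text, declared parameter types."""
    body = _cstr(stmt) + _cstr(sql) + struct.pack("!h", len(param_oids))
    body += b"".join(struct.pack("!I", oid) for oid in param_oids)
    return _msg(b"P", body)

def bind_msg(portal, stmt, values):
    """Bind ('B'): text-format parameter values, kept apart from the SQL."""
    body = _cstr(portal) + _cstr(stmt)
    body += struct.pack("!h", 0)  # no format codes: every parameter is text
    body += struct.pack("!h", len(values))
    for v in values:
        if v is None:
            body += struct.pack("!i", -1)  # length -1 marks NULL
        else:
            raw = v.encode("utf-8")
            body += struct.pack("!i", len(raw)) + raw
    body += struct.pack("!h", 0)  # no result format codes: text results
    return _msg(b"B", body)

def bigint_text(untrusted):
    """Client-side check that the input is a valid signed 64-bit integer."""
    n = int(untrusted.strip())  # raises ValueError on anything non-numeric
    if not -2**63 <= n < 2**63:
        raise ValueError("out of range for bigint")
    return str(n)

if __name__ == "__main__":
    hostile = "42; DROP TABLE t"  # constructed sample input
    print(parse_msg("", SQL, [INT8_OID]))  # same bytes for any value
    print(bind_msg("", "", [hostile]))     # value sits here as data only
```

Because the value never enters the Parse message, the hostile string above is only ever a candidate bigint literal, which the server rejects as invalid input instead of parsing as SQL.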