Re: PostgreSQL Developer Best Practices

From: Gavin Flower <GavinFlower(at)archidevsys(dot)co(dot)nz>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: PostgreSQL Developer Best Practices
Date: 2015-08-25 10:09:44
Message-ID: 55DC3EE8.4060101@archidevsys.co.nz
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On 25/08/15 19:04, Karsten Hilbert wrote:
> On Tue, Aug 25, 2015 at 02:02:17PM +1200, Gavin Flower wrote:
>
>> On 25/08/15 01:15, Ray Cote wrote:
>>> On Sat, Aug 22, 2015 at 11:46 AM, Karsten Hilbert <Karsten(dot)Hilbert(at)gmx(dot)net
>>> <mailto:Karsten(dot)Hilbert(at)gmx(dot)net>> wrote:
>>>
>> [...]
>>> 9. Do NOT arbitrarily assign an "id" column to a table as a
>>> primary key when other columns
>>> are perfectly suited as a unique primary key.
>>>
>>> ...
>>>
>>> Good example:
>>> CREATE TABLE accounts
>>> ( accout_id bigint NOT NULL ,
>>>
>>>
>>> I would not consider the general use of natural primary keys to be best
>>> practice.
> Gavin, Ray,
>
> I certainly didn't write any of the above.
>
> Karsten
Hi Karsten,

It took me a couple of minutes, but I traced "9. ..." to
melvin6925(at)gmail(dot)com who opened the thread

Looks like Ray misquoted back in the entry that can be identified by
(using the 'source' option on my mail client)

From: Ray Cote <rgacote(at)appropriatesolutions(dot)com>
Date: Mon, 24 Aug 2015 09:15:27 -0400
Message-ID:
<CAG5tnzqTausEhFtRpfWCunx4YNFuGTFyUZyTkn5f2E7RaYKE=g(at)mail(dot)gmail(dot)com>

which was

On Sat, Aug 22, 2015 at 11:46 AM, Karsten Hilbert <Karsten(dot)Hilbert(at)gmx(dot)net>
wrote:

> > 1. Prefix ALL literals with an Escape
> > EG: SELECT E'This is a \'quoted literal \'';
> > SELECT E'This is an unquoted literal';
> >
> > Doing so will prevent the annoying "WARNING: nonstandard use of
> escape in a string literal"
>

I'd be concerned that what is missing here is the bigger issue of Best
Practice #0: Use Bound Variables.
The only way I've seen invalid literals show up in SQL queries is through
the dynamic generation of SQL Statements vs. using bound variables.
Not using bound variables is your doorway to SQL injection exploits.

9. Do NOT arbitrarily assign an "id" column to a table as a primary key
> when other columns
> are perfectly suited as a unique primary key.

...

Good example:
> CREATE TABLE accounts
> ( accout_id bigint NOT NULL ,

I would not consider the general use of natural primary keys to be best
practice.
Let's assume your account_id field is used as a foreign key in a dozen
other tables.
1) What happens if someone mis-types the account-id?
To correct that, you also need to correct the FK field in the other
dozen tables.
2) What happens when your company starts a new project (or buys a
competitor) and all the new account numbers are alpha-numeric?
3) Your example shows the id as a bigint, but your rule is not limited to
integers.
What if your table is country populations and the primary key is country
name?
Now, you have quite large foreign keys (and a country changing its name is
not unheard of).
(and let's not even get started on case-sensitivity or character encodings).

Cheers,
Gavin

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Adrian Klaver 2015-08-25 13:01:16 Re: Problem with pl/python procedure connecting to the internet
Previous Message Igor Sosa Mayor 2015-08-25 08:35:21 Re: Problem with pl/python procedure connecting to the internet