| From: | Stuart Bishop <stuart(at)stuartbishop(dot)net> |
|---|---|
| To: | Federico Di Gregorio <fog(at)dndg(dot)it> |
| Cc: | "W(dot) Matthew Wilson" <matt(at)tplus1(dot)com>, "psycopg(at)postgresql(dot)org" <psycopg(at)postgresql(dot)org> |
| Subject: | Re: Is passing a list as a bound variable safe from SQL injection? |
| Date: | 2013-10-08 16:19:46 |
| Message-ID: | CADmi=6NsbvmaELJF0JFswnqPeVJuY_X1GSQ9SqQt4GS=Et5rhg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | psycopg |
On Thu, Oct 3, 2013 at 2:53 PM, Federico Di Gregorio <fog(at)dndg(dot)it> wrote:
> Btw, I am a little curious, what kind of query requires an array of
> ~11000 values? Surely there is a better way to write it, isn't it?
I see it a lot when breaking up bulk operations into small chunks. If
you can't use a temporary table persisting across transactions (eg.
pgbouncer in transaction pooling mode), the fastest way is often a
script that first sucks down a huge list of ids and does the update in
lots of small transactions. It works because PG happily handles
queries like 'UPDATE foo SET bar='baz' WHERE id IN ([... 10,000 ids
...])' without breaking a sweat, even though on the surface it looks
like a really silly thing to do.
--
Stuart Bishop <stuart(at)stuartbishop(dot)net>
http://www.stuartbishop.net/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2013-10-17 19:40:58 | Re: psycopg2 doesn't use LDFLAGS from pg_config |
| Previous Message | Daniele Varrazzo | 2013-10-03 13:21:02 | Re: Is passing a list as a bound variable safe from SQL injection? |