Don Y <[EMAIL PROTECTED]> writes:
> First, if the function is defined to return an INT16,
> then returning a NULL doesn't make any sense -- since the
> caller doesn't know how to deal with a NULL (it expects
> an INT16, for example).
Really? That would be a caller bug, if it's calling a function
that might return NULL.
> What I am trying to do is make functions more robust.
> As it stands currently, the functions get written and
> compiled "once". Thereafter, someone can FAIL to
> specify STRICT when creating those functions in SQL
> (CREATE FUNCTION...) and leave the server vulnerable
> to having those functions invoked with NULL arguments.
This would be the error of the person specifying the function's
SQL definition. Since there are many ways to crash the system by
writing a C function definition wrongly (eg, give the wrong
datatypes), I can't get very excited about this particular one.
We do make this a superuser-only feature for a reason: you're
expected to be competent enough to get it right.
regards, tom lane
---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster
