On 09/01/2014 10:41 AM, Joel Jacobson wrote:
> On Mon, Sep 1, 2014 at 4:26 PM, Craig Ringer <cr...@2ndquadrant.com> wrote:
>> Well, the idiom:
>>
>>   EXECUTE format('SELECT %I FROM %I WHERE $1', col, tbl) USING val;
>>
>> is not lovely. It works, but it's clumsy.
>
> This is exactly why we need a new language.
> All the clumsy stuff we cannot fix in plpgsql, can easily be fixed in
> plpgsql2, with the most beautiful syntax we can come up with.

You know that you're running into problems with the SPI subsystem on that one, no?

Identifiers cannot be parameters in SPI_prepare(). So how do you propose to make that "pretty" and "performant"?

Because the moment your "pretty" language is out there, be sure users will kick your behind that whenever they use that "pretty" stuff on anything but a toy setup, it spirals their servers into a DoS attack state.


Regards,
Jan

--
Jan Wieck
Senior Software Engineer
http://slony.info
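
The split between identifiers and values discussed in this message, as an added example that is not part of the original thread. The table `accounts` and the function `lookup_col` are hypothetical names chosen for illustration, and the SQL-level `PREPARE` stands in for the same rule that applies to `SPI_prepare()`.

```sql
-- Constructed sample data (hypothetical table).
CREATE TABLE accounts (id int PRIMARY KEY, owner text, "Odd Name" text);
INSERT INTO accounts VALUES (1, 'alice', 'x'), (2, 'bob', 'y');

-- A parameter always stands for a value. Here $1 is the string that was
-- passed in, selected once per row; it is not a reference to a column.
PREPARE by_col(text) AS SELECT $1 FROM accounts;
EXECUTE by_col('owner');
DEALLOCATE by_col;

-- So the identifiers have to be part of the statement text, while the
-- value can still travel separately as a bind parameter.
CREATE FUNCTION lookup_col(tbl text, col text, key_col text, val int)
RETURNS text
LANGUAGE plpgsql AS $$
DECLARE
    result text;
BEGIN
    -- %I quotes each argument as a single identifier (quote_ident rules).
    -- $1 is filled from USING and never becomes part of the SQL string.
    -- The string is parsed and planned on every call: commands run
    -- through EXECUTE get no cached plan.
    EXECUTE format('SELECT %I::text FROM %I WHERE %I = $1',
                   col, tbl, key_col)
       INTO result
      USING val;
    RETURN result;
END;
$$;

-- Ordinary identifiers, and one that needs quoting.
SELECT lookup_col('accounts', 'owner', 'id', 1);
SELECT lookup_col('accounts', 'Odd Name', 'id', 2);

-- An identifier argument carrying SQL text is quoted as one (nonexistent)
-- column name, so it cannot change the shape of the statement.
SELECT lookup_col('accounts', 'owner FROM accounts; --', 'id', 1);
```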

