Dag H. Wanvik wrote:
Hi folks,
I have a working patch sitting on DERBY-4208. I am wondering if this
is a fix we should consider including for 10.5.2?
The pro argument is that this is a usability issue, and to the extent
it forces the app to construct SQL on the fly, makes the app more
vulnerable to injection attacks, at least in theory. A user has asked
for it.
On the contra side, we have the fact that dynamic arguments are not
allowed by the SQL standard for this construct, at least not yet.
Personally I think it's a nice extension.
Thoughts?
I am hesitant to introduce behavior that is not standard compliant, but
may be less hesitant if it is a sort of implied industry standard. What
other database products do/do not support this syntax?
Kathey
