On Jul4, 2010, at 11:59 , Pavel Stehule wrote: > 2010/7/4 Florian Pflug <f...@phlo.org>: >> On Jul4, 2010, at 08:41 , Pavel Stehule wrote: >>> I enhanced DO statement syntax to allowing a parameters. Syntax is >>> relative simple: >>> >>> do ([varname] vartype := value, ...) $$ ... $$ >> >> I think it'd be more useful to put the values at the very end of the >> statement, not somewhere in the middle. For positional parameters I envision >> >> do (vartype, ...) $$ ... $$ using value, ... >> >> and for named parameters it'd be >> >> do (varname vartype) $$ ... $$ using varname := value, ...
> Your syntax is longer and less readable (my personal view). With > proposed syntax it is ensured so every parameter has a value. Next - > my syntax is reflecting fact, so these are not true parameters - it's > +/- similar to default values of function parameters. Yeah, with your syntax omitting a value is syntactically invalid, while with mine it'd parse OK and fail later on. But I fail to see the drawback of that. I do agree that my suggestion is slightly more verbose, but it think thats compensated by the increase in usefulness. > I understand to your motivation - but you can use a printf command and > do it same work. Sure. But by the very same argument, printf makes DO-block parameters redundant as a whole. > or better and safer - use a psql variables (it is preferred solution) I don't really buy that argument. By using a psql variable, you simply move the quoting & escaping business from SQL to the shell where psql is called. True, you avoid SQL injectiont, but in turn you make yourself vulnerable to shell injection. best regards, Florian Pflug -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
