Well, you should still escape any strings you're getting from a web page
so you can ensure you're not subject to a SQL insert attack, even if
you're expecting integers.
Peter Darley

-----Original Message-----
[mailto:[EMAIL PROTECTED] Behalf Of
Pierre-Frédéric Caillaud
Sent: Monday, November 22, 2004 3:06 PM
Subject: Re: [PERFORM] Data type to use for primary key

> What is the common approach? Should I use directly the product_code as
> my ID, or use a sequential number for speed? (I did the same for the
> company_id, this is a 'serial' and not the short name of the customer.)
> I just don't know what is usually done.

        Use a serial:
        - you can change product_code for a product easily
        - you can pass integers around more easily, in web forms for
          instance; you don't have to ask 'should I escape this string?'
        - it's faster
        - it uses less space
        - if one day you must manage products from another source whose
          product_code overlaps yours, you won't have problems
        - you can generate them with a serial uniquely and easily

---------------------------(end of broadcast)---------------------------
TIP 9: the planner will ignore your desire to choose an index scan if your
      joining column's datatypes do not match
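
The point about integer fields, as an added example that is not part of the original thread: a form field expected to hold a serial id still arrives as a string, so it is validated and bound as a parameter instead of being spliced into the query text. Python's sqlite3 stands in for PostgreSQL so the example runs offline; the table contents and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data; in-memory SQLite stands in for PostgreSQL.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, product_code TEXT, name TEXT)"
    )
    db.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [(1, "AB-100", "widget"), (2, "AB-200", "gasket"), (3, "ZX-900", "prototype")],
    )
    return db


def lookup_concat(db, form_id):
    # Weak: assumes the form field is an integer and splices it into the SQL text,
    # so anything after the digits is parsed as part of the statement.
    return db.execute("SELECT name FROM products WHERE id = " + form_id).fetchall()


def parse_id(form_id):
    # Form fields are always strings; accept only ASCII decimal digits of sane length.
    if not (form_id.isascii() and form_id.isdigit() and len(form_id) <= 9):
        raise ValueError("id must be a positive integer")
    return int(form_id)


def lookup_bound(db, form_id):
    # Hardened: check the type first, then bind the value so it is never parsed as SQL.
    return db.execute(
        "SELECT name FROM products WHERE id = ?", (parse_id(form_id),)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    for field in ("1", "1 OR 1=1"):  # constructed form values
        print(repr(field), "concat ->", lookup_concat(db, field))
        try:
            print(repr(field), "bound  ->", lookup_bound(db, field))
        except ValueError as exc:
            print(repr(field), "bound  -> rejected:", exc)
```
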
