Обсуждение: Perspective: PostgreSQL usage boon after release of 8.2
Just a quick thought, and an possibly over-optimistic forecast: I think PG will see a really significant increase in usage, especially 'corporate' use, with the release of the version that has support for (what I consider to be) one of the biggest features in recent memory: standard iso/ansi string escaping. In my experience this has been the biggest roadblock to adoption by companies running a commercial database... it has made migration difficult/daunting, especially for users who cannot rely on prepared statement style APIs (complex dynamic queries, etc). Most of the corp folks I know who have tried using PG to augment or replacement a commercial offering just tend to silently pause and wait for this change.. that why this topic isn't really heard very often. It's like going to a car lot to buy a SUV, but they don't have any within sight.. the perspective buyer just moves on without saying anything. I'm am SOOO looking forward to hearing the beta announcement for 8.2... hopefully that version's still on target for the standard string escape option.. This *one* roadblock will be gone. k
Ken Johanson wrote: > Most of the corp folks I know who have tried using PG to augment or > replacement a commercial offering just tend to silently pause and wait > for this change.. that why this topic isn't really heard very often. > It's like going to a car lot to buy a SUV, but they don't have any > within sight.. the perspective buyer just moves on without saying anything. I have converted databases from other DBs such as MS SQL server and never had a problem with string escaping, can you please post a example of what you mean? Do you mean inside of functions? -- Tony Caduto AM Software Design Home of PG Lightning Admin for Postgresql http://www.amsoftwaredesign.com
Tony Caduto wrote: > Ken Johanson wrote: >> Most of the corp folks I know who have tried using PG to augment or >> replacement a commercial offering just tend to silently pause and >> wait for this change.. that why this topic isn't really heard very >> often. It's like going to a car lot to buy a SUV, but they don't have >> any within sight.. the perspective buyer just moves on without saying >> anything. > > > I have converted databases from other DBs such as MS SQL server and > never had a problem with string escaping, can you please post a > example of what you mean? Do you mean inside of functions? > Well for a simple (for brevity) example, when you compile a query (not via prepared stmts/argument based compilation) that takes user input, how do you handle both backslashes and single-quotes? In practice the way of doing this is quite different between pg and a iso-compliant db, otherwise you have either code injection, or superfluous backslashes.. "SELECT firstName FROM tbl WHERE lastName = '"+toSql(userInput)+"' "
Вложения
On 3/7/06, Ken Johanson <pg-user@kensystem.com> wrote: > Just a quick thought, and an possibly over-optimistic forecast: > I'm am SOOO looking forward to hearing the beta announcement for 8.2... > hopefully that version's still on target for the standard string escape > option.. This *one* roadblock will be gone. I have to agree. 8.2 is shaping up to be one of those odd releases is light on the attention grabbing 'enterprise features' but packs lots of quiet usability improvements that benefit everybody. 7.4 was another release like that... Merlin