Hi all
While looking at an unrelated issue in PgJDBC I noticed that it's
difficult for users and the driver to tell in advance if a given
statement will support bind parameters.
PostgreSQL just treats placeholders as syntax errors for non-plannable
statements at parse time.
This forces users to try to guess whether a given statement can be
parameterised or not, or forces drivers to guess this on behalf of users
and do client-side parameter substitution.
As a result, some code that worked with PgJDBC using the v2 protocol
will fail with the v3 protocol, e.g.
@Test
public void test() throws SQLException {PGConnection pgc = (PGConnection)conn;PreparedStatement ps =
conn.prepareStatement("SETROLE ?");ps.setString(1, "somebody");ps.executeUpdate();
}
This works with the v2 protocol because PgJDBC does client side
parameter binding unless you request sever-side prepare (via SQL-level
PREPARE and EXECUTE).
With the v3 protocol it always uses the extended parse/bind/execute
flow, with unnamed statements.
(Another case where this is quite frustrating is COPY, though PgJDBC has
a wrapper API for COPY that helps cover that up.)
It'd be nice not to force users to do their own escaping of literals in
non-plannable statements. Before embarking on anything like this I
thought I'd check and see if anyone's looked into supporting bind
parameters in utility statements, or if not, if anyone has any ideas
about the feasibility of adding such support.
I didn't have much luck searching for discussion on the matter.
-- Craig Ringer http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training & Services