Re: Protection from SQL injection

Hi,

> In C the best practice is to use #define for constants. In C++ you
> have 'const', in Java 'static final'. Unfortunately the 'named
> constant' concept doesn't exist in SQL. I think that's a mistake. I
> suggest to support CREATE CONSTANT ... VALUE ... and DROP CONSTANT
> ..., example: CREATE CONSTANT STATE_ACTIVE VALUE 'active'.

of course you mean:

CREATE CONSTANT state_active TEXT VALUE 'active'; ? ;)

interesting idea, would that mean PG complaints on queries

SELECT state_active FROM sometable ... because
state_active is already defined as constant?

What about local session variables? Usefull as well...

I think this is really a big effort :-)

Greets
Tino