Re: Protection from SQL injection
From | Tino Wildenhain |
---|---|
Subject | Re: Protection from SQL injection |
Date | |
Msg-id | 4818869C.8010508@wildenhain.de |
In reply to | Re: Protection from SQL injection (Andrew Dunstan <andrew@dunslane.net>) |
Responses | Re: Protection from SQL injection |
List | pgsql-hackers |
Andrew Dunstan wrote:
>
>
> Tino Wildenhain wrote:
>> Hi,
>>
>>> In C the best practice is to use #define for constants. In C++ you
>>> have 'const', in Java 'static final'. Unfortunately the 'named
>>> constant' concept doesn't exist in SQL. I think that's a mistake. I
>>> suggest to support CREATE CONSTANT ... VALUE ... and DROP CONSTANT
>>> ..., example: CREATE CONSTANT STATE_ACTIVE VALUE 'active'.
>>
>> of course you mean:
>>
>> CREATE CONSTANT state_active TEXT VALUE 'active'; ? ;)
>
> Why does he mean that? Manifest constants are not typed in plenty of
> languages.

Well but in this case we want them to prevent easy sql injection and
therefore arbitrary macro expansion like in those "plenty of languages"
does not seem like a good idea to me.

Cheers
Tino
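The difference between a typed constant and untyped macro expansion that this message points at, as an added illustration that is not part of the original post or of PostgreSQL. CREATE CONSTANT is only a proposal in this thread, so `expand_macro`, `bind_typed`, the `accounts` table and the constant body are constructed for the example, and SQLite stands in for the server.

```python
import re
import sqlite3

SQL_TYPES = {"TEXT": str, "INTEGER": int}  # types this sketch understands

def _names(constants):
    # Match constant names only as whole identifiers.
    return re.compile(r"\b(" + "|".join(map(re.escape, constants)) + r")\b")

def expand_macro(sql, constants):
    """Untyped constant: the stored text is spliced into the statement verbatim."""
    return _names(constants).sub(lambda m: constants[m.group(1)], sql)

def bind_typed(sql, constants):
    """Typed constant: each name becomes a placeholder bound to one value."""
    params = []
    def repl(m):
        sql_type, value = constants[m.group(1)]
        if not isinstance(value, SQL_TYPES[sql_type]):
            raise TypeError(f"{m.group(1)} is declared {sql_type}")
        params.append(value)
        return "?"
    return _names(constants).sub(repl, sql), params

def demo():
    conn = sqlite3.connect(":memory:")  # assumption: SQLite stands in for the server
    conn.execute("CREATE TABLE accounts (name TEXT, state TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)",
                     [("alice", "active"), ("bob", "disabled"), ("carol", "active")])
    query = "SELECT count(*) FROM accounts WHERE state = STATE_ACTIVE"
    body = "'active' OR 1=1"  # constructed constant body: more than a single value
    macro_sql = expand_macro(query, {"STATE_ACTIVE": body})
    typed_sql, params = bind_typed(query, {"STATE_ACTIVE": ("TEXT", body)})
    return {
        "macro_sql": macro_sql,
        "macro_rows": conn.execute(macro_sql).fetchone()[0],
        "typed_sql": typed_sql,
        "typed_rows": conn.execute(typed_sql, params).fetchone()[0],
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With macro expansion the constant body becomes part of the statement's structure and the predicate matches every row; as a typed TEXT constant the same body is compared as one string and matches none.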