Re: using separate parameters in psql query execution

On Mon, Dec 21, 2009 at 1:03 AM, Pavel Stehule <pavel.stehule@gmail.com> wrote:
> 2009/12/21 Robert Haas <robertmhaas@gmail.com>:
>> On Mon, Nov 16, 2009 at 5:01 PM, Pavel Stehule <pavel.stehule@gmail.com> wrote:
>>> Hello
>>>
>>> now - complete patch
>>>
>>> ToDo:
>>> * enhance a documentation (any volunteer?)
>>> * check name for backslash command
>>
>> I read through this patch tonight and I don't understand what the
>> point of this change is.  That's something that should probably be
>> discussed and also incorporated into the documentation.
>
> Do you ask about ToDo points?
>
> I used "pexec" as switch. Probably better name is
>
> "parametrized-execution", "send-parameters-separately" or "parametrized-queries"
>
> general goal of this patch is removing issues with  variables quoting
> - using psql variables should be more robust and more secure.

My point is that I don't think someone new to psql (or even
experienced in psql, such as myself) has a hope of reading the
documentation for this option and understanding why they might or
might not want to use it.  Even your description here, "removing
issues with variable quoting" is pretty vague.  Maybe you need to
provide some examples of the pros and cons of using this option.

> I checked second design based on enhanced syntax -
> http://www.postgres.cz/index.php/Enhanced-psql#Variables_quoting . It
> working too, but it needs one exec more.

Hmm, the :[foo] and :{foo} syntax looks sort of cool.  But I don't
understand why it would need any more server calls.

...Robert