db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dag H. Wanvik" <Dag.Wan...@Sun.COM>
Subject Question regarding DERBY-4208 Parameters ? with OFFSET and/or FETCH
Date Wed, 08 Jul 2009 15:07:33 GMT

Hi folks,

I have a working patch sitting on DERBY-4208. I am wondering if this
is a fix we should consider including for 10.5.2?

The pro argument is that this is a usability issue, and to the extent
it forces the app to construct SQL on the fly, makes the app more
vulnerable to injection attacks, at least in theory. A user has asked
for it.

On the contra side, we have the fact that dynamic arguments are not
allowed by the SQL standard for this construct, at least not yet.

Personally I think it's a nice extension.



View raw message