db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kathey Marsden <kmarsdende...@sbcglobal.net>
Subject Re: Question regarding DERBY-4208 Parameters ? with OFFSET and/or FETCH
Date Wed, 08 Jul 2009 16:59:29 GMT
Dag H. Wanvik wrote:
> Hi folks,
> I have a working patch sitting on DERBY-4208. I am wondering if this
> is a fix we should consider including for 10.5.2?
> The pro argument is that this is a usability issue, and to the extent
> it forces the app to construct SQL on the fly, makes the app more
> vulnerable to injection attacks, at least in theory. A user has asked
> for it.
> On the contra side, we have the fact that dynamic arguments are not
> allowed by the SQL standard for this construct, at least not yet.
> Personally I think it's a nice extension.
> Thoughts?
I am hesitant to introduce behavior that is not standard compliant, but 
may be less hesitant if it is a sort of implied industry standard.  What 
other database products do/do not support this syntax?


View raw message