db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rick Hillegas <Richard.Hille...@Sun.COM>
Subject Re: Question regarding DERBY-4208 Parameters ? with OFFSET and/or FETCH
Date Thu, 09 Jul 2009 19:08:03 GMT
I think that this discussion has gotten seriously off-track. It is the 
intent of the standard that the offset and window length values be 
parameterized. This is clear from the standard language and I confirmed 
this with the SQL committee in May. For the record, Lance and I sit on 
the SQL committee as alternate delegates from Sun. Dynamic ? parameters 
are Derby's model for specifying parameters.

I believe this is a serious usability defect of our OFFSET/FETCH 
implementation. As it stands today, you can only scroll one of these 
windows forward by sacrificing the performance benefits of prepared 
statements. It would be a shame if this feature had to remain unusable 
until the next rev of the standard in 2011. If the committee approves 
some other language at that time, then we can implement that extension.

If people wish to veto this proposal, then I would ask them to propose 
an alternative solution which makes this feature usable and which they 
believe fits more comfortably within the intention of the standard.

Thanks,
-Rick

Dag H. Wanvik wrote:
> Hi folks,
>
> I have a working patch sitting on DERBY-4208. I am wondering if this
> is a fix we should consider including for 10.5.2?
>
> The pro argument is that this is a usability issue, and to the extent
> it forces the app to construct SQL on the fly, makes the app more
> vulnerable to injection attacks, at least in theory. A user has asked
> for it.
>
> On the contra side, we have the fact that dynamic arguments are not
> allowed by the SQL standard for this construct, at least not yet.
>
> Personally I think it's a nice extension.
>
> Thoughts?
>
> Dag
>   


Mime
View raw message