db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lance J. Andersen" <Lance.Ander...@Sun.COM>
Subject Re: Question regarding DERBY-4208 Parameters ? with OFFSET and/or FETCH
Date Thu, 09 Jul 2009 21:32:58 GMT

Rick Hillegas wrote:
> I think that this discussion has gotten seriously off-track. It is the 
> intent of the standard that the offset and window length values be 
> parameterized. This is clear from the standard language and I 
> confirmed this with the SQL committee in May. For the record, Lance 
> and I sit on the SQL committee as alternate delegates from Sun. 
> Dynamic ? parameters are Derby's model for specifying parameters.
> I believe this is a serious usability defect of our OFFSET/FETCH 
> implementation. As it stands today, you can only scroll one of these 
> windows forward by sacrificing the performance benefits of prepared 
> statements. It would be a shame if this feature had to remain unusable 
> until the next rev of the standard in 2011. If the committee approves 
> some other language at that time, then we can implement that extension.

I agree with you Rick and I feel that we should implement this feature
> If people wish to veto this proposal, then I would ask them to propose 
> an alternative solution which makes this feature usable and which they 
> believe fits more comfortably within the intention of the standard.

no veto from me, I am for it.

> Thanks,
> -Rick
> Dag H. Wanvik wrote:
>> Hi folks,
>> I have a working patch sitting on DERBY-4208. I am wondering if this
>> is a fix we should consider including for 10.5.2?
>> The pro argument is that this is a usability issue, and to the extent
>> it forces the app to construct SQL on the fly, makes the app more
>> vulnerable to injection attacks, at least in theory. A user has asked
>> for it.
>> On the contra side, we have the fact that dynamic arguments are not
>> allowed by the SQL standard for this construct, at least not yet.
>> Personally I think it's a nice extension.
>> Thoughts?
>> Dag

View raw message