Help | Site Map
Connecting Tech Pros Worldwide
bytes > groups > PostgreSQL
 
 
LinkBack Thread Tools
  #1  
Old November 23rd, 2005, 01:39 AM
Robert Paulsen
Guest
  
Posts: n/a
Default PHP and PostgreSQL question on identifier limits.
Hello,

I am migrating from MySQL to PostgreSQL and ran into a limitation of
PostgreSQL. I ran into this because of a technique I use for displaying
results of a SELECT query. In some cases I like to have the heading of some
columns in the table be clickable, usually to sort output by that column.

I have common a function I use that displays the results of a query in an HTML
table with the column headings being the field names. Here is a snippet of
code showing a typical query:

================================================== =====
$_GET['sort'] && $_SESSION['sort']=$_GET['sort'];
$sort=$_SESSION['sort'];
$sort || $sort="field1";

$query="SELECT
field1 AS \"<a href=$PHP_SELF?sort=field1>field1</a>\",
field2 AS \"<a href=$PHP_SELF?sort=field2>field2</a>\",
field3 AS \"<a href=$PHP_SELF?sort=userid>field3</a>\"
FROM my_table ORDER BY $sort";

$tbl=new Table($query);
$tbl->print();
================================================== =====

The problem I ran into is when the "AS" exceeds 63 characters --- which it
does NOT in the above example, but sometimes DOES in more complex real-life
queries. In those cases I get a PostgreSQL error saying that the identifier
is too long. Looking at the PostgreSQL documentation I see this is set to 63
characters by default but can be changed with a recompile.

Before I recompile PostgreSQL I would like to re-think my strategy for making
column headings clickable links.

Does anyone else create HTML tables with clickable headers? If so, do you use
a similar or different technique?

--
Robert C. Paulsen, Jr.
robert@paulsenonline.net

---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org
  #2  
Old November 23rd, 2005, 01:39 AM
Matteo Beccati
Guest
  
Posts: n/a
Default Re: PHP and PostgreSQL question on identifier limits.
Hi,
[color=blue]
> $_GET['sort'] && $_SESSION['sort']=$_GET['sort'];
> $sort=$_SESSION['sort'];
> $sort || $sort="field1";[/color]

First of all I don't feel very comfortable with this exotic syntax, but
this is not the right place to discuss about it ;)

[color=blue]
> $query="SELECT
> field1 AS \"<a href=$PHP_SELF?sort=field1>field1</a>\",
> field2 AS \"<a href=$PHP_SELF?sort=field2>field2</a>\",
> field3 AS \"<a href=$PHP_SELF?sort=userid>field3</a>\"
> FROM my_table ORDER BY $sort";
>
> $tbl=new Table($query);
> $tbl->print();[/color]

Is there a good reason why you don't add hyperlinks inside your Table
class, instead than using column names for such a purpose?


P.S.
Handling column sorting like you're doing is a big security risk! I hope
you are doing some more checks on $sort, otherwise SQL injection attacks
would be very easy to do.


Best regards
--
Matteo Beccati
http://phpadsnew.com/
http://phppgads.com/

---------------------------(end of broadcast)---------------------------
TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org
  #3  
Old November 23rd, 2005, 01:39 AM
Robert Paulsen
Guest
  
Posts: n/a
Default Re: PHP and PostgreSQL question on identifier limits.
On Sunday 15 August 2004 06:58 pm, Matteo Beccati wrote:[color=blue]
> Hi,
>[color=green]
> > $_GET['sort'] && $_SESSION['sort']=$_GET['sort'];
> > $sort=$_SESSION['sort'];
> > $sort || $sort="field1";[/color]
>
> First of all I don't feel very comfortable with this exotic syntax, but
> this is not the right place to discuss about it ;)
>[/color]

I guess "exotic" depends on your background.
[color=blue][color=green]
> > $query="SELECT
> > field1 AS \"<a href=$PHP_SELF?sort=field1>field1</a>\",
> > field2 AS \"<a href=$PHP_SELF?sort=field2>field2</a>\",
> > field3 AS \"<a href=$PHP_SELF?sort=userid>field3</a>\"
> > FROM my_table ORDER BY $sort";
> >
> > $tbl=new Table($query);
> > $tbl->print();[/color]
>
> Is there a good reason why you don't add hyperlinks inside your Table
> class, instead than using column names for such a purpose?[/color]

That might be the best solution. This code has evolved from a time before I
was using classes. Used to be a simple function call. With classes I could
add the ability to assign links to the headers.
[color=blue]
>
>
> P.S.
> Handling column sorting like you're doing is a big security risk! I hope
> you are doing some more checks on $sort, otherwise SQL injection attacks
> would be very easy to do.[/color]

Good point. Using your suggestion about implementing this inside the Table
class will make this easier to control.

--
Robert C. Paulsen, Jr.
robert@paulsenonline.net

---------------------------(end of broadcast)---------------------------
TIP 8: explain analyze is your friend
 

Bookmarks

« Previous Thread | Next Thread »
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

What is Bytes?

We are a network of experts and professionals in IT and software development that help one another with answers to tough questions and share insights. Get the best answers to your questions from over network members.
Post your question now . . .
It's fast and it's free

Popular Articles
Quick Browse:
Communities / Archives
XML / CSS | HTML | Javascript | PHP | Perl | Visual Basic | Python | C++ / C | Java | .NET / C# / VB / XML / ASP.net | ASP
PostgreSQL | MS SQL | Oracle | IBM DB2 | MS Access | MySQL

About Bytes | Sitemap | Privacy Policy | Terms of Use
Copyright 1995-2008 Bytes.com. All rights Reserved