On 18/06/13 12:08, Arran Cudbard-Bell wrote:
On 18 Jun 2013, at 11:07, Phil Mayers <p.mayers@IMPERIAL.AC.UK> wrote:
On 06/18/2013 07:27 AM, Brian Candler wrote:
Aside: I think Postgres will reject a quoted string being used in an integer context.
Not correct:
db=> create temp table tt (val integer); CREATE TABLE db=> insert into tt values ('1'); INSERT 0 1
Will it converted quoted NULLs 'NULL' to actual NULL values? I'm guessing no?
No. That's what NULLIF is for, and it's widely used for that. TBH we're running into the limitations of using variable interpolation for SQL here; the "right" way to do this would be parameter binding and passing typed data into the SQL drivers, but that's a lot of work for only a very small incremental gain. It's very, very common in SQL for writers of queries to have to use COALESCE, NULLIF, CASE, type coercion and other features to ensure proper data values (or for the SQL DB to infer them). As far as I'm concerned, the *only* thing FreeRADIUS needs to do is properly quote the variables it expands into a SQL query, which it already does.