[Gambas-user] escape a picture PS

Jean-Yves F. Barbier 12ukwn at ...626...
Tue Nov 24 22:31:40 CET 2009 

richard terry a écrit :
... 
> Don't forget to commit your transaction
> 
> 
> sample table:
> 
> CREATE TABLE all_images
> (
>   pk serial NOT NULL,
>   image bytea,
>   deleted boolean,
>   CONSTRAINT all_images_pkey PRIMARY KEY (pk)
> )
> WITH (
>   OIDS=FALSE
> );
> ALTER TABLE all_images OWNER TO easygp;
> GRANT ALL ON TABLE all_images TO easygp;
> GRANT ALL ON TABLE all_images TO staff;
        ^^^
You like to live *very* dangerously...
 
> 
> Note also with gambas. I've raised this with the list/devel/benoit and had no 
> replies but after much angst it seems that you can't address schema.table, ie
> you cannot do this:
> 
>  newPicture = conn.Create("myschema.all_images")

This is not acceptable, nor usable!

> I got tripped up for many many hours trying to figure out why these damn 
> things wouldn't save, even when I just put a table called "images" into 
> public, until I realised that throughout my db (of 350 odd tables scattered 
> over 28 schemas, I have several "image" tables in different schemas so gambas 
> was baulking without an error message when it got to the reference to "image" 
> as  table. (hence the temporary name I've provided you "all_images" as I've 
> not yet removed all the other tables due to my extensive use of views which 
> I'll have to laboriously correct!
> 
> So in the end I've decided single table for all bytea data which I keep in 
> public and (touch wood) seems to work quickly and easily. apparently you can 
> store up to 1GIG in a bytea field but I suspect putting it in there could be 
> real slow. 

I've got quite a same DB.

Once again, this is not acceptable and a large flaw in design, not to
mention the lack of security.

> You can use client side lo_creat,  and lo_import  functionsto directly write 
> to blobs (different to bytea) in postgres as user (not the server side 
> functions) but though easy to do on the postgres command line, I've not 
> figured out how to do it in sql, and no-one on the postgresql novice list 
> seemed to  know either. 

You can do that if your procedure gain the SU permissions, which, once again,
is not acceptable (at all.)

> I spent probably 10 hours trawling the net to find a solution and though 
> millions of references to it the 'smart ****$$%%^& ers' all sound really 
> knowledgable by quoting the postgresl docs which in the end to idiots like 
> myself mean nothing, but no-one seems to be able to offer a practicel sql 
> solution. If you find out let me know.

I'm gonna ask the Pg ML; if there's no possibility I'll leave gambas and
return to Python.

> Hope this all helps.

Unfortunately not :(

Regards
JY
-- 
X-rated movies are all alike ... the only thing they leave to the
imagination is the plot.

More information about the User mailing list