Quick Links

Re: No parameters support in "create user"?

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Shachar Shemesh <psql(at)shemesh(dot)biz>
Cc:	PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject:	Re: No parameters support in "create user"?
Date:	2004-09-20 17:29:01
Message-ID:	12813.1095701341@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Shachar Shemesh <psql(at)shemesh(dot)biz> writes:
> Tom Lane wrote:
>> Parameters are only supported in plannable statements
>> (SELECT/INSERT/UPDATE/DELETE; I think there is some hack for DECLARE
>> CURSOR these days too).

> That's a shame.

> Aside from executing prepared statements, parameters are also useful for
> preventing SQL injections. Under those cases, they are useful for all
> commands, not only those that can be prepared.

Sure. Are you volunteering to fix it?

regards, tom lane

In response to

Re: No parameters support in "create user"? at 2004-09-20 16:59:41 from Shachar Shemesh

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Fx	2004-09-20 17:32:09	How to change/replace an in-memory palloced tuple- tuple data
Previous Message	Tom Lane	2004-09-20 17:24:47	Re: libpq and prepared statements progress for 8.0