| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Greg Stark <gsstark(at)mit(dot)edu> |
| Cc: | Bill Moran <wmoran(at)potentialtech(dot)com>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Sql injection attacks |
| Date: | 2004-07-26 17:48:01 |
| Message-ID: | 29958.1090864081@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Greg Stark <gsstark(at)mit(dot)edu> writes:
> Incidentally, you should be able to prepare queries and execute them later
> like the DBI and PHP interfaces, but there's an odd comment in the docs:
> Presently, prepared statements for use with PQexecPrepared must be set up by
> executing an SQL PREPARE command, which is typically sent with PQexec
> (though any of libpq's query-submission functions may be used). A
> lower-level interface for preparing statements may be offered in a future
> release.
> I don't think this is true any more. I think the low level protocol exists
> now. It's possible the libpq method doesn't exist yet though.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
That's what the comment is trying to tell you: libpq does not currently
offer a way to use the V3-protocol Prepare message.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | cipriani | 2004-07-26 17:58:53 | postgresql password from .pgpass |
| Previous Message | David Parker | 2004-07-26 17:42:35 | 7.5 beta? |