| From: | Shachar Shemesh <psql(at)shemesh(dot)biz> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: No parameters support in "create user"? |
| Date: | 2004-09-20 16:59:41 |
| Message-ID: | 414F0C7D.4000306@shemesh.biz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom Lane wrote:
>Parameters are only supported in plannable statements
>(SELECT/INSERT/UPDATE/DELETE; I think there is some hack for DECLARE
>CURSOR these days too).
>
>
That's a shame.
Aside from executing prepared statements, parameters are also useful for
preventing SQL injections. Under those cases, they are useful for all
commands, not only those that can be prepared.
Oh well. I'm not sure whether that's extremely clever or downright
insane, but I'm solving this problem by calling "Select
quote_literal($1)" and "select quote_id($1)", and then using the results.
Shachar
--
Shachar Shemesh
Lingnu Open Source Consulting ltd.
http://www.lingnu.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2004-09-20 17:05:40 | Re: libpq and prepared statements progress for 8.0 |
| Previous Message | Andrew Dunstan | 2004-09-20 16:54:33 | Re: Export/Import existing database from Unix to Windows |