Re: No parameters support in "create user"?

From: Gaetano Mendola <mendola(at)bigfoot(dot)com>
To: Shachar Shemesh <psql(at)shemesh(dot)biz>
Subject: Re: No parameters support in "create user"?
Date: 2004-09-21 00:49:34
Message-ID: 414F7A9E.3020705@bigfoot.com
Lists: pgsql-hackers

Shachar Shemesh wrote:
> Tom Lane wrote:
>
>> Parameters are only supported in plannable statements
>> (SELECT/INSERT/UPDATE/DELETE; I think there is some hack for DECLARE
>> CURSOR these days too).
>>
>>
> That's a shame.
>
> Aside from executing prepared statements, parameters are also useful for
> preventing SQL injections. Under those cases, they are useful for all
> commands, not only those that can be prepared.
>
> Oh well. I'm not sure whether that's extremely clever or downright
> insane, but I'm solving this problem by calling "Select
> quote_literal($1)" and "select quote_id($1)", and then using the results.

Create your own plpgsql function and call it.

Regards
Gaetano Mendola
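
The suggestion above, sketched as an added example (not code from the original message or from the PostgreSQL project): a plpgsql wrapper that builds the `CREATE USER` statement with the built-in `quote_ident` and `quote_literal` functions, so the caller can pass the name and password as ordinary parameters of a plannable `SELECT`. The names `create_login_user` and `mk_user` and the sample values are hypothetical.

```sql
-- Hypothetical wrapper: the utility statement itself cannot take $1/$2,
-- so the function assembles it and quotes each value for its position.
CREATE OR REPLACE FUNCTION create_login_user(p_name text, p_password text)
RETURNS void
LANGUAGE plpgsql
AS $$
BEGIN
    -- quote_ident/quote_literal return NULL for NULL input, which would
    -- turn the whole concatenated statement into NULL; reject it up front.
    IF p_name IS NULL OR p_password IS NULL THEN
        RAISE EXCEPTION 'user name and password must not be NULL';
    END IF;

    -- The name is an identifier, the password a string literal:
    -- each gets the quoting function that matches its syntactic role.
    EXECUTE 'CREATE USER ' || quote_ident(p_name)
         || ' PASSWORD '   || quote_literal(p_password);
END;
$$;

-- The call is a plain SELECT, so parameters are supported here.
PREPARE mk_user(text, text) AS
    SELECT create_login_user($1, $2);

-- Constructed sample values containing quote characters; they end up as
-- one quoted identifier and one quoted literal, not as extra SQL.
EXECUTE mk_user('report"reader', 'pa''ss; --word');

DEALLOCATE mk_user;
```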
