From: | Oliver Jowett <oliver(at)opencloud(dot)com> |
---|---|
To: | Justin Waddell <jwaddell(at)gmail(dot)com> |
Cc: | pgsql-jdbc(at)postgresql(dot)org |
Subject: | Re: Cannot use prepared statements with create user command |
Date: | 2006-08-23 06:31:50 |
Message-ID: | 44EBF656.2000000@opencloud.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-jdbc |
Justin Waddell wrote:
>> From my research into this problem it seems like prepared statements
> have been deliberately left out of the create user command as they use
> a different type of parameter; this would be fine if the security hole
> wasn't there!
The JDBC driver can only put parameters in where the server-side grammar
allows it (it does not interpolate parameter values into the actual
query, it puts $1,$2,... placeholders in place of the ? placeholders and
passes the actual parameter values out-of-line from the query itself).
If you want to change the grammar, you need to take this up with the
backend developers.. the JDBC driver can't do anything about it.
-O
From | Date | Subject | |
---|---|---|---|
Next Message | Oliver Jowett | 2006-08-23 06:33:16 | Re: [JDBC] org.postgresql.util.PSQLException: An I/O error occured |
Previous Message | surabhi.ahuja | 2006-08-23 05:12:34 | PSQLException An I/O error occured while sending to the backend |