| From: | Justin Graf <justin(at)magwerks(dot)com> |
|---|---|
| To: | Dennis Gearon <gearond(at)sbcglobal(dot)net> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: child/parent creation |
| Date: | 2010-05-29 20:34:16 |
| Message-ID: | 4C017A48.1020303@magwerks.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 5/29/2010 1:05 PM, Dennis Gearon wrote:
> Is it possible to create a complex schema object in one transaction,
I'm not sure i understand what you mean by schema object????
> using prepared statements to protect(somewaht) against SQL injection?
>
In short no
Prepared statements do not protect from SQL injection. Prepared
statements are used to skip the planning stage of the query.
There are really only two ways to block SQL injection parameterized
queries or check/remove command characters from the query sent to the DB
> Example: A 'family tree object' (having obvious relationships) consisting of:
>
> Table grandparent
> Table parent
> table childA
> table childB
>
> If I have all the information for each 'sub-object' in the 'family tree object', but of course, the primary, integer, sequence keys.
>
> So, using a script language, the procedure I'm doing now is creating one node, getting the id with another query (because of a (reported and actual) bug in the Doctrine ORM), and then creating the next level down.
>
> My application has nothing to do with family trees, actually, just an example.
>
>
> each of the (relevant) primary keys is a BIGSERIL, sequence backed, BIGINT.
>
>
I do not understand what you are trying to do here, please clarify????
All legitimate Magwerks Corporation quotations are sent in a .PDF file attachment with a unique ID number generated by our proprietary quotation system. Quotations received via any other form of communication will not be honored.
CONFIDENTIALITY NOTICE: This e-mail, including attachments, may contain legally privileged, confidential or other information proprietary to Magwerks Corporation and is intended solely for the use of the individual to whom it addresses. If the reader of this e-mail is not the intended recipient or authorized agent, the reader is hereby notified that any unauthorized viewing, dissemination, distribution or copying of this e-mail is strictly prohibited. If you have received this e-mail in error, please notify the sender by replying to this message and destroy all occurrences of this e-mail immediately.
Thank you.
| Attachment | Content-Type | Size |
|---|---|---|
| justin.vcf | text/x-vcard | 258 bytes |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bob Pawley | 2010-05-29 22:09:05 | Installing version 8.4 |
| Previous Message | Richard Broersma | 2010-05-29 20:29:50 | Write-able CTEs, Update-able views, Hierarchical data, and optimistic locking |