From: | "surabhi(dot)ahuja" <surabhi(dot)ahuja(at)iiitb(dot)ac(dot)in> |
---|---|
To: | "Tino Wildenhain" <tino(at)wildenhain(dot)de> |
Cc: | "Richard Huxton" <dev(at)archonet(dot)com>, "Stephan Szabo" <sszabo(at)megazone(dot)bigpanda(dot)com>, <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: a stored procedure ..with integer as the parameter |
Date: | 2005-10-26 04:07:32 |
Message-ID: | 967CFC4343BF2A4DAFACD026D33DC85118EC83@jal.iiitb.ac.in |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
what do u suggest i do then in that case?
i mean how should i make a query - i mean how do i make a command?
________________________________
From: Tino Wildenhain [mailto:tino(at)wildenhain(dot)de]
Sent: Tue 10/25/2005 11:22 AM
To: surabhi.ahuja
Cc: Richard Huxton; Stephan Szabo; pgsql-general(at)postgresql(dot)org
Subject: Re: [GENERAL] a stored procedure ..with integer as the parameter
***********************
Your mail has been scanned by InterScan VirusWall.
***********-***********
Am Dienstag, den 25.10.2005, 10:24 +0530 schrieb surabhi.ahuja:
> oops i am sorry,
> i mean from the client i ll be getting values (which i need to insert
> into the table) in the form of strings:
>
> and i form the insert command as follows:
>
> function(char *a, char *b, char *c)
> {
> char command[1024];
> sprintf(command, "select insert('%s','%s','%s')", a,b,c);
> execute the above command;
> }
>
> the above is just the pseudo code
>
> the stored procedure in turn is as follows (psudocode):
>
> insert(smallint , smallint, varchar(256))
> begin
> insert into table 1 values ($1, $2, $3);
> end
I'm not sure this serves much purpose if it isnt just
for experimenting ;)
char -> int is simply done by casting (even automatically)
so your insert reduces to:
INSERT INTO table1 (col_a,col_b,col_c) VALUES (a,b,c);
(with or w/o stored function)
simply sprintf into a string can be a very serious
security hole btw.
From | Date | Subject | |
---|---|---|---|
Next Message | Troy | 2005-10-26 04:22:41 | Re: How Do I install the Admin Module (pgAdmin III) |
Previous Message | Troy | 2005-10-26 03:56:27 | Re: Dump only functions... |