PQexecParams, placeholders and variable lists of params

From: <tomas(at)tuxteam(dot)de>
To: pgsql-general <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: PQexecParams, placeholders and variable lists of params
Date: 2021-11-23 11:37:15
Message-ID: YZzSa7qRtgg/+oLL@tuxteam.de
Lists: pgsql-general

Hi,

PQexecParams expects a query string with "$1", "$2"... placeholders,
which refer to as many params in the param list. This keeps SQL
injection at bay.

Is there a way to express "variable length" lists? IOW, if I want to do
a query like

"SELECT * FROM customers WHERE id IN ($1, $2) AND name like $3;"

is there a way to do that without knowing beforehand how many values go
into the IN list?

It would be very welcome for you to rub my nose against the place in The
Fine Manual where I could have found that :-)

Thanks & cheers
- tomás
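
One common way to handle the variable-length list, shown as an added example that is not part of the original message: pass the whole list as a single array parameter and match it with = ANY, so the query text stays constant and the values never enter the SQL string. The helper names pg_array_literal and find_customers, the USE_LIBPQ build switch, and the assumption that id is an integer column are illustrative, not from the post.

```c
#include <stdlib.h>
#include <string.h>
#ifdef USE_LIBPQ  /* assumed build switch: compile with -DUSE_LIBPQ -lpq */
#include <libpq-fe.h>
#endif

/* Constant query text: one array parameter replaces the variable IN list. */
static const char QUERY[] =
    "SELECT * FROM customers WHERE id = ANY($1::int[]) AND name LIKE $2";

/* Encode n strings as a PostgreSQL array literal, e.g. {"1","2","3"}.
 * Every element is double-quoted, and '"' and '\' inside an element are
 * backslash-escaped, so an element cannot close its quotes and add members.
 * n == 0 yields "{}", which matches no row. Caller frees; NULL on failure. */
char *pg_array_literal(const char *const *elems, size_t n)
{
    size_t len = 3;                       /* '{', '}' and the NUL */
    for (size_t i = 0; i < n; i++)
        len += 2 * strlen(elems[i]) + 3;  /* all escaped + quotes + comma */
    char *out = malloc(len), *p = out;
    if (!out) return NULL;
    *p++ = '{';
    for (size_t i = 0; i < n; i++) {
        if (i) *p++ = ',';
        *p++ = '"';
        for (const char *s = elems[i]; *s; s++) {
            if (*s == '"' || *s == '\\') *p++ = '\\';
            *p++ = *s;
        }
        *p++ = '"';
    }
    *p++ = '}';
    *p = '\0';
    return out;
}

#ifdef USE_LIBPQ
/* The id list and the name pattern travel as parameters, never as SQL text. */
PGresult *find_customers(PGconn *conn, const char *const *ids, size_t n,
                         const char *name_pattern)
{
    char *arr = pg_array_literal(ids, n);
    if (!arr) return NULL;
    const char *values[2] = { arr, name_pattern };
    PGresult *res = PQexecParams(conn, QUERY, 2, NULL, values, NULL, NULL, 0);
    free(arr);
    return res;
}
#endif
```

An element that is not a valid integer makes the server reject the $1::int[] cast with an error; it is never interpreted as SQL.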
