Re: Sql injection attacks
| От | Tom Lane |
|---|---|
| Тема | Re: Sql injection attacks |
| Дата | |
| Msg-id | 29958.1090864081@sss.pgh.pa.us обсуждение |
| Ответ на | Re: Sql injection attacks (Greg Stark <gsstark@mit.edu>) |
| Список | pgsql-general |
Greg Stark <gsstark@mit.edu> writes:
> Incidentally, you should be able to prepare queries and execute them later
> like the DBI and PHP interfaces, but there's an odd comment in the docs:
> Presently, prepared statements for use with PQexecPrepared must be set up by
> executing an SQL PREPARE command, which is typically sent with PQexec
> (though any of libpq's query-submission functions may be used). A
> lower-level interface for preparing statements may be offered in a future
> release.
> I don't think this is true any more. I think the low level protocol exists
> now. It's possible the libpq method doesn't exist yet though.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
That's what the comment is trying to tell you: libpq does not currently
offer a way to use the V3-protocol Prepare message.
regards, tom lane
В списке pgsql-general по дате отправления: