Hi Guillaume,
On Wed, Dec 31, 2008 at 1:12 AM, Guillaume Smet
<guillaume.smet@gmail.com> wrote:
> On Tue, Dec 30, 2008 at 7:59 PM, bricklen <bricklen@gmail.com> wrote:
>> I would like to continue to use bind variables to prevent sql
>> injection, but I'd like to force a plan re-parse for every single
>> query (if necessary?)
>
> As far as I understand your problem, you don't care about using
> prepared statements.
>
> If so, you can:
> - either use pg_query_params():
> http://www.php.net/manual/en/function.pg-query-params.php
> - or use an unnamed prepared statements when you don't want a prepared
> statement if, for some reason, you really need to use prepared
> statements in a few cases: you can specify an empty string as plan
> name. The condition for this one is that you need to upgrade to a
> recent version of 8.3 as postponed planning of unnamed prepared
> statements is a new feature of 8.3 and was broken in 8.3.0 and 8.3.1.
>
> --
> Guillaume
>
I will look into the pg_query_params() function to see if it works for
us. I don't think your second suggestion is going to work for us,
since we are stuck on 8.2 for the foreseeable future.
Thanks for the tips though, I appreciate it!
Bricklen