Re: No parameters support in "create user"?

From Shachar Shemesh
Subject Re: No parameters support in "create user"?
Date
Msg-id 414F0C7D.4000306@shemesh.biz
In reply to Re: No parameters support in "create user"?  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: No parameters support in "create user"?  (Tom Lane <tgl@sss.pgh.pa.us>)
Re: No parameters support in "create user"?  (Gaetano Mendola <mendola@bigfoot.com>)
List pgsql-hackers
Tom Lane wrote:

>Parameters are only supported in plannable statements
>(SELECT/INSERT/UPDATE/DELETE; I think there is some hack for DECLARE
>CURSOR these days too).

That's a shame.

Aside from executing prepared statements, parameters are also useful for
preventing SQL injections. In those cases, they are useful for all
commands, not only those that can be prepared.

Oh well. I'm not sure whether that's extremely clever or downright 
insane, but I'm solving this problem by calling "Select 
quote_literal($1)" and "select quote_id($1)", and then using the results.
         Shachar

-- 
Shachar Shemesh
Lingnu Open Source Consulting ltd.
http://www.lingnu.com/
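
The workaround described in this message, sketched as an added example that is not part of the original post or of PostgreSQL's own code. It uses PostgreSQL's `quote_ident` and `quote_literal` functions; the names `quote_parts` and `create_login_role` and all sample values are hypothetical.

```sql
-- Added illustration; quote_parts and create_login_role are hypothetical names.

-- 1. The round trip from the message: a plannable SELECT accepts parameters,
--    so the untrusted values travel as $1/$2 and come back already quoted.
--    A client driver would bind them at the protocol level; PREPARE/EXECUTE
--    stands in for that here.
PREPARE quote_parts(text, text) AS
    SELECT quote_ident($1)   AS role_name,
           quote_literal($2) AS role_password;

-- Constructed hostile input: both values try to break out of their quoting.
EXECUTE quote_parts('bob" SUPERUSER; --', 'x''; DROP TABLE accounts; --');
DEALLOCATE quote_parts;

-- The client then sends: CREATE USER <role_name> PASSWORD <role_password>
-- using the two returned strings verbatim, never the raw input.

-- 2. The same quoting done server-side in one call.
CREATE OR REPLACE FUNCTION create_login_role(p_name text, p_password text)
RETURNS void
LANGUAGE plpgsql
AS $$
BEGIN
    -- quote_ident/quote_literal return NULL for NULL input, which would turn
    -- the whole concatenated statement into NULL; reject that explicitly.
    IF p_name IS NULL OR p_password IS NULL THEN
        RAISE EXCEPTION 'role name and password must not be NULL';
    END IF;

    -- Runs with the caller's privileges, so the caller still needs the right
    -- to create roles.
    EXECUTE 'CREATE USER ' || quote_ident(p_name)
         || ' PASSWORD '   || quote_literal(p_password);
END;
$$;

-- The function call itself is a SELECT, so its arguments can be parameters.
SELECT create_login_role('report_reader', 'constructed-sample-password');
```

In the two-step variant the final CREATE USER text, password included, is an ordinary statement and can appear in the server log when statement logging is enabled.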


