Re: to escape or not to

From Merlin Moncure
Subject Re: to escape or not to
Date
Msg-id BANLkTikN0YLuJQ69vAUzOS5Jbe6dhEV09g@mail.gmail.com
In response to to escape or not to  ("Jean-Yves F. Barbier" <12ukwn@gmail.com>)
Responses Re: to escape or not to  ("Jean-Yves F. Barbier" <12ukwn@gmail.com>)
List pgsql-novice
On Wed, Jun 22, 2011 at 8:49 AM, Jean-Yves F. Barbier <12ukwn@gmail.com> wrote:
> Hi list,
>
> As of '39.5: plpgsql-statements', it is said that using '$n' instead of a named
> variable is preferred and less sensitive to a SQL injection.
>
> Does it really mean if I use $n I don't have to 'quote_xxxxxx' any of these
> variables?

that is correct. (by the way, we are talking about dynamic statements
with 'execute' here).

merlin
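
The distinction discussed in this message, as an added example that is not part of the original thread: the same dynamic query written once with `quote_literal()` concatenation and once with `$1` bound through `EXECUTE ... USING`. The table and function names are constructed for illustration; note that `$n` parameters carry data values only, so the table name still goes through `quote_ident()` in both versions.

```sql
-- Constructed sample table and rows for the demonstration.
CREATE TEMP TABLE accounts (id serial PRIMARY KEY, owner text, balance numeric);
INSERT INTO accounts (owner, balance) VALUES ('alice', 10), ('O''Brien', 20);

-- Variant 1: the value is spliced into the SQL text, so it must be quoted.
CREATE OR REPLACE FUNCTION count_by_owner_quoted(p_table text, p_owner text)
RETURNS bigint
LANGUAGE plpgsql AS $$
DECLARE
    n bigint;
BEGIN
    EXECUTE 'SELECT count(*) FROM ' || quote_ident(p_table)
         || ' WHERE owner = ' || quote_literal(p_owner)
    INTO n;
    RETURN n;
END;
$$;

-- Variant 2: the value is passed out of band as $1 and never becomes part
-- of the SQL text, so no quote_literal()/quote_nullable() call is needed.
-- An identifier cannot be a $n parameter, hence quote_ident() stays.
CREATE OR REPLACE FUNCTION count_by_owner_using(p_table text, p_owner text)
RETURNS bigint
LANGUAGE plpgsql AS $$
DECLARE
    n bigint;
BEGIN
    EXECUTE 'SELECT count(*) FROM ' || quote_ident(p_table)
         || ' WHERE owner = $1'
    INTO n
    USING p_owner;
    RETURN n;
END;
$$;

-- A value containing a single quote is handled by both variants; in the
-- second it is compared as data without any escaping step.
SELECT count_by_owner_quoted('accounts', 'O''Brien');
SELECT count_by_owner_using('accounts', 'O''Brien');
```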
