On Wed, Jun 21, 2023 at 6:09 AM Dominique Devienne <ddevienne@gmail.com> wrote:
I'm sure there are good technical reason. But from the outside, it is surprising and a bit inconsistent.
The planner is the thing that handles binds. The only things that are planned are queries - i.e., SQL commands that are capable of producing result sets from data within tables. I agree this seems like it should be documented in places besides PREPARE.
Reworking that core design choice doesn't seem like a great use of time. Especially when alternatives exist. Specifically, the pg_notify function that can be parameterized and handles the SQL-injection stuff for you.