Re: How does one make the following psql statement sql-injection resilient?

Поиск
Список
Период
Сортировка
От David G. Johnston
Тема Re: How does one make the following psql statement sql-injection resilient?
Дата
Msg-id CAKFQuwZas=frYrn_ASH8JsTDNT5HDcx0i_bGaKWzzQRhtVxS5g@mail.gmail.com
обсуждение исходный текст
Ответ на Re: How does one make the following psql statement sql-injection resilient?  (Alvaro Herrera <alvherre@2ndquadrant.com>)
Ответы Re: How does one make the following psql statement sql-injection resilient?  ("David G. Johnston" <david.g.johnston@gmail.com>)
Список pgsql-general
Дерево обсуждения
On Monday, March 16, 2015, Alvaro Herrera <alvherre@2ndquadrant.com> wrote:
David G. Johnston wrote:

> Thanks!  I got the gist even with the typo.  I actually pondered about
> prepare/execute after hitting send.  Am I correct in remembering that
> "CREATE TEMP TABLE" cannot be prepared?  I was using the actual query with
> CREATE TEMP TABLE and then issuing "\copy" to dump the result out to the
> file.  The limitation of copy to having to be written on a single line
> makes the intermediary temporary table seem almost a necessity.

CREATE TEMP TABLE AS EXECUTE


Thanks.

Though unless I need to work on the temp table I think:

PREPARE ...;
\copy (EXECUTE ...) TO '~/temp.csv' ...;

Gives the best of all worlds.

David J.

В списке pgsql-general по дате отправления:

Предыдущее
От: Craig Ringer
Дата:
Сообщение: Re: Postgresql BDR(Bi-Directional Replication) Latency Monitoring
Следующее
От: "Ruth Melendo"
Дата:
Сообщение: Re: [ADMIN] pgpool + BDR, is it possible?