Re: How does one make the following psql statement sql-injection resilient?
| From | David G. Johnston |
|---|---|
| Subject | Re: How does one make the following psql statement sql-injection resilient? |
| Date | |
| Msg-id | CAKFQuwZas=frYrn_ASH8JsTDNT5HDcx0i_bGaKWzzQRhtVxS5g@mail.gmail.com |
| In response to | Re: How does one make the following psql statement sql-injection resilient? (Alvaro Herrera <alvherre@2ndquadrant.com>) |
| Responses | Re: How does one make the following psql statement sql-injection resilient? |
| List | pgsql-general |
On Monday, March 16, 2015, Alvaro Herrera <alvherre@2ndquadrant.com> wrote:
> David G. Johnston wrote:
> > Thanks! I got the gist even with the typo. I actually pondered about
> > prepare/execute after hitting send. Am I correct in remembering that
> > "CREATE TEMP TABLE" cannot be prepared? I was using the actual query with
> > CREATE TEMP TABLE and then issuing "\copy" to dump the result out to the
> > file. The limitation of copy to having to be written on a single line
> > makes the intermediary temporary table seem almost a necessity.
>
> CREATE TEMP TABLE AS EXECUTE
Thanks.
Though unless I need to work on the temp table I think:
PREPARE ...;
\copy (EXECUTE ...) TO '~/temp.csv' ...;
Gives the best of all worlds.
David J.
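
The temp-table route suggested in the quoted reply, written out as an added psql script that is not part of the original thread. The table `customers`, the variable `customer_name`, the statement name `by_name`, the table `export_rows`, the script name `export.sql` and the output file `temp.csv` are assumptions, and the sample rows are constructed.

```sql
-- Added example (not from the thread). Run with: psql -f export.sql
-- Hypothetical names: customers, customer_name, by_name, export_rows, temp.csv.

-- Constructed sample data so the script runs stand-alone.
CREATE TEMP TABLE customers (id int, name text);
INSERT INTO customers VALUES (1, 'O''Reilly'), (2, 'Smith');

-- Untrusted value; in practice supplied on the command line with
--   psql -v customer_name="..." -f export.sql
\set customer_name 'O''Reilly'

-- The query text is fixed at PREPARE time; the value only ever fills $1.
PREPARE by_name(text) AS
    SELECT id, name FROM customers WHERE name = $1;

-- :'customer_name' makes psql send the value as a properly quoted SQL literal,
-- so an embedded quote cannot terminate the string early.
CREATE TEMP TABLE export_rows AS EXECUTE by_name(:'customer_name');

-- \copy performs no variable interpolation in its arguments,
-- so it only names the already-filtered temp table.
\copy export_rows TO 'temp.csv' WITH (FORMAT csv, HEADER)

DEALLOCATE by_name;
```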