On Mon, Dec 06, 2004 at 03:02:45PM -0500, alex@pilosoft.com wrote:
> On Mon, 6 Dec 2004, Michael Fuhr wrote:
>
> > On Mon, Dec 06, 2004 at 02:34:33PM -0500, alex@pilosoft.com wrote:
> > >
> > > For quick access from trusted code, spi_exec should just do fine.
> >
> > BTW, does stock PL/Perl have functions for escaping identifiers,
> > strings, and binary strings?
>
> non-DBI? no.
>
> DBI? yes, $pg_dbh->quote('foo')
Yeah, I know about DBI, but since we currently can't use it in
trusted code I was wondering what we *could* use. With DBI I'd be
using placeholders wherever possible, but unless I've missed something
spi_exec_query() requires values to be interpolated into the query
string. Danger, danger.
--
Michael Fuhr
http://www.fuhr.org/~mfuhr/