Gaetano Mendola wrote:
> Shachar Shemesh wrote:
>
>> Tom Lane wrote:
>>
>>> Parameters are only supported in plannable statements
>>> (SELECT/INSERT/UPDATE/DELETE; I think there is some hack for DECLARE
>>> CURSOR these days too).
>>>
>>>
>> That's a shame.
>>
>> Aside from executing prepared statements, parameters are also useful
>> for preventing SQL injections. Under those cases, they are useful for
>> all commands, not only those that can be prepared.
>>
>> Oh well. I'm not sure whether that's extremely clever or downright
>> insane, but I'm solving this problem by calling "Select
>> quote_literal($1)" and "select quote_id($1)", and then using the
>> results.
>
>
> Create your own plpgsql function and call it.
In a way you can say I did `-). This is what I'm using:
http://gborg.postgresql.org/projects/oledb
--
Shachar Shemesh
Lingnu Open Source Consulting ltd.
http://www.lingnu.com/
