Re: No parameters support in "create user"? - Mailing list pgsql-hackers

From Shachar Shemesh
Subject Re: No parameters support in "create user"?
Date
Msg-id 414FD05D.4000505@shemesh.biz
Whole thread Raw
In response to Re: No parameters support in "create user"?  (Gaetano Mendola <mendola@bigfoot.com>)
List pgsql-hackers
Gaetano Mendola wrote:

> Shachar Shemesh wrote:
>
>> Tom Lane wrote:
>>
>>> Parameters are only supported in plannable statements
>>> (SELECT/INSERT/UPDATE/DELETE; I think there is some hack for DECLARE
>>> CURSOR these days too).
>>>  
>>>
>> That's a shame.
>>
>> Aside from executing prepared statements, parameters are also useful 
>> for preventing SQL injections. Under those cases, they are useful for 
>> all commands, not only those that can be prepared.
>>
>> Oh well. I'm not sure whether that's extremely clever or downright 
>> insane, but I'm solving this problem by calling "Select 
>> quote_literal($1)" and "select quote_id($1)", and then using the 
>> results.
>
>
> Create your own plpgsql function and call it.

In a way you can say I did `-). This is what I'm using:

http://gborg.postgresql.org/projects/oledb


-- 
Shachar Shemesh
Lingnu Open Source Consulting ltd.
http://www.lingnu.com/



pgsql-hackers by date:

Previous
From: Peter Eisentraut
Date:
Subject: Re: CVS configure failure
Next
From: dom@happygiraffe.net (Dominic Mitchell)
Date:
Subject: SSL Support