Home > mailing lists

Re: Cannot use prepared statements with create user command - Mailing list pgsql-jdbc

From	Oliver Jowett
Subject	Re: Cannot use prepared statements with create user command
Date	August 23, 2006 06:32:03
Msg-id	44EBF656.2000000@opencloud.com Whole thread Raw
In response to	Cannot use prepared statements with create user command ("Justin Waddell" <jwaddell@gmail.com>)
List	pgsql-jdbc

Tree view

Justin Waddell wrote:

>> From my research into this problem it seems like prepared statements
> have been deliberately left out of the create user command as they use
> a different type of parameter; this would be fine if the security hole
> wasn't there!

The JDBC driver can only put parameters in where the server-side grammar
allows it (it does not interpolate parameter values into the actual
query, it puts $1,$2,... placeholders in place of the ? placeholders and
passes the actual parameter values out-of-line from the query itself).
If you want to change the grammar, you need to take this up with the
backend developers.. the JDBC driver can't do anything about it.

-O

pgsql-jdbc by date:

From: "surabhi.ahuja"
Date: 23 August 2006, 05:09:07
Subject: PSQLException An I/O error occured while sending to the backend

From: Oliver Jowett
Date: 23 August 2006, 06:33:42
Subject: Re: org.postgresql.util.PSQLException: An I/O error occured

Re: Cannot use prepared statements with create user command - Mailing list pgsql-jdbc

Previous

Next