pg_prepare question - Mailing list pgsql-novice

From Mary Anderson
Subject pg_prepare question
Date
Msg-id 47D18794.1020309@demog.berkeley.edu
Whole thread Raw
Responses Re: pg_prepare question  (John DeSoi <desoi@pgedit.com>)
List pgsql-novice
Hi,
   I know I should be using pg_prepare/pg_execute to make my PHP -
postgres code more secure.  But I am wondering just what I can put in
for parameters:  Here is a brief checklist:

     1.  values for inserted columns            OK
     2.  names of inserted columns              ????
     3.  names of tables                        ????
     4.  A whole select list e.g. "fu, bar"     NOT OK

My application is a bit more complex than the ones shown in the books
and manuals.  My data comes in as a large number of individual tables
which are sort of related (worldwide mortality statistics) but which
have widely differing table structures.  So I am always creating
temporary tables to handle data input and output, and these tables have
variable column structure.

Thanks in advance
Mary

pgsql-novice by date:

Previous
From: Tom Lane
Date:
Subject: Re: numeric definition advice
Next
From: Raimon Fernandez
Date:
Subject: Re: numeric definition advice