Re: Secure "where in(a,b,c)" clause. - Mailing list pgsql-general

From Tino Wildenhain
Subject Re: Secure "where in(a,b,c)" clause.
Date
Msg-id 47F635B9.60504@wildenhain.de
In response to Re: Secure "where in(a,b,c)" clause.  (Steve Atkins <steve@blighty.com>)
List pgsql-general
Steve Atkins wrote:
...
> I count the number of values that I want to put in the IN () clause,
> then create a query string with the right number of bind variables
> in the in clause, then bind the values.
>
> So for {1, 3, 5} I'd use "select * from foo where bar in (?, ?, ?)" and for
> {1,5,7,9,11} I'd use "select * from foo where bar in (?, ?, ?, ?, ?)"
>
> Then, in perl-speak, I prepare that string into a query, loop through
> all my values and bind them one by one, then execute the query.

You mean something like:

items = (1, 2, 5, 6, 9)

cursor.execute("SELECT ... FROM foo where bar in (%s)" %
               ','.join('?' * len(items)), items)

? :-)

Oh.. I forgot he said PHP...

SCNR
Tino
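
Added example, not part of the original message or of any poster's code: the technique discussed in this thread (one placeholder per value, then bind the values) as a runnable Python function. It assumes the standard-library sqlite3 module as an offline stand-in for a PostgreSQL driver because it uses the same "?" placeholder style; the id column, the helper names and the sample rows are constructed for illustration.

```python
import sqlite3


def select_in(conn, values):
    """Return rows of foo whose bar is one of `values`, binding every value."""
    values = list(values)
    if not values:
        # "bar IN ()" is a syntax error in PostgreSQL, and an empty set
        # matches nothing anyway, so skip the query.
        return []
    # Only the placeholder count goes into the SQL text, never the values.
    placeholders = ",".join("?" * len(values))
    sql = "SELECT id, bar FROM foo WHERE bar IN (%s) ORDER BY id" % placeholders
    return conn.execute(sql, values).fetchall()


def demo_db():
    """Build an in-memory table foo(id, bar) with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE foo (id INTEGER PRIMARY KEY, bar TEXT)")
    conn.executemany("INSERT INTO foo (bar) VALUES (?)",
                     [("1",), ("3",), ("5",), ("7",)])
    return conn


if __name__ == "__main__":
    conn = demo_db()
    print(select_in(conn, ["1", "5"]))        # two matching rows
    # A value shaped like SQL is compared as a plain string and matches nothing.
    print(select_in(conn, ["1) OR (1=1"]))
    print(select_in(conn, []))                # empty list: no query issued
```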
