Home > mailing lists

binds only for s,u,i,d? - Mailing list pgsql-hackers

From	Agent M
Subject	binds only for s,u,i,d?
Date	July 4, 2006 03:28:49
Msg-id	ea308f57eedbeb2bb52cc60d97a7c558@themactionfaction.com Whole thread Raw
Responses	Re: binds only for s,u,i,d? (Neil Conway <neilc@samurai.com>)
List	pgsql-hackers

Tree view

Why are only select, insert, update, and delete supported for $X binds?
Why can't preparation be used as a global anti-injection facility?

Example using the backend protocol for binds:
PREPARE TRANSACTION $1;
bind $1 ['text']
-->syntax error at $1

Why am I able to prepare statements with the backend protocol that I
can't prepare with PREPARE:
agentm=# prepare gonk as prepare transaction $1;
ERROR:  syntax error at or near "prepare" at character 17
LINE 1: prepare gonk as prepare transaction $1;

whereas the backend protocol only emits an error when the statement is
executed [and the binds are ignored].

-M


¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬
AgentM
agentm@themactionfaction.com
¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬

pgsql-hackers by date:

From: Greg Stark
Date: 04 July 2006, 01:23:12
Subject: Re: Transaction and table partitioning

From: Neil Conway
Date: 04 July 2006, 04:52:51
Subject: system info functions

binds only for s,u,i,d? - Mailing list pgsql-hackers

Previous

Next