Thread: SET prepared statement
Hello,
We currently use prepared statements for most of the work an app does, as an SQL injection protection and for other reasons.
There's one statement which can't be prepared:
SET LOCAL myprefix.mysetting = 'my setting value';
Ideally, I'd like to be able to do
PREPARE test(text) as SET LOCAL myprefix.mysetting = $1;
but this isn't supported (currently on PG 9.3)
I suspect the answer is 'no' but no harm in asking if it's likely to be considered in future. I can't see it here: https://wiki.postgresql.org/wiki/Todo
Oliver
> Hello,
> We currently use prepared statements for most of the work an app does, as an SQL injection protection and for other reasons.
> There's one statement which can't be prepared:
> SET LOCAL myprefix.mysetting = 'my setting value';
> Ideally, I'd like to be able to do
> PREPARE test(text) as SET LOCAL myprefix.mysetting = $1;
> but this isn't supported (currently on PG 9.3)
> I suspect the answer is 'no' but no harm in asking if it's likely to be considered in future. I can't see it here: https://wiki.postgresql.org/wiki/Todo
Given that you can simply use the "set_config(...)" function I'd say that this command will have not particular in the decision work on improving this limitation in the system.
David J.
On 13 Apr 2016, at 16:48, David G. Johnston <david.g.johnston@gmail.com> wrote:
>> Hello,
>> We currently use prepared statements for most of the work an app does, as an SQL injection protection and for other reasons.
>> There's one statement which can't be prepared:
>> SET LOCAL myprefix.mysetting = 'my setting value';
>> Ideally, I'd like to be able to do
>> PREPARE test(text) as SET LOCAL myprefix.mysetting = $1;
>> but this isn't supported (currently on PG 9.3)
>> I suspect the answer is 'no' but no harm in asking if it's likely to be considered in future. I can't see it here: https://wiki.postgresql.org/wiki/Todo
> Given that you can simply use the "set_config(...)" function I'd say that this command will have not particular in the decision work on improving this limitation in the system.
> David J.
Ah excellent, I should have seen that, thanks.
Oliver
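
The set_config() route suggested in the reply, written out as an added example that is not part of the original thread: the third argument (is_local) set to true gives the same transaction scope as SET LOCAL, and the value travels as a bound parameter instead of being spliced into the statement text. The statement name set_mysetting and the sample value are assumptions made for illustration; myprefix.mysetting is the setting named in the thread.

```sql
-- Added example, not from the thread. Statement name and sample value are
-- constructed for illustration.

-- set_config(setting_name text, new_value text, is_local boolean)
-- The setting name is kept as a literal here so that callers of the prepared
-- statement can only change this one setting. set_config() also accepts the
-- name as a parameter, but that would let the caller change any setting its
-- role is allowed to set.
PREPARE set_mysetting(text) AS
    SELECT set_config('myprefix.mysetting', $1, true);

BEGIN;

-- The value is bound as data, so quotes, semicolons and comment markers in it
-- are stored verbatim and never parsed as SQL.
EXECUTE set_mysetting('it''s a value; with -- odd characters');

-- Read the value back inside the same transaction.
SELECT current_setting('myprefix.mysetting');

COMMIT;
-- Because is_local was true, the value set above applied only until the end
-- of the transaction, as with SET LOCAL.

-- Prepared statements last for the session; drop this one when finished.
DEALLOCATE set_mysetting;
```

As with SET LOCAL, calling set_config() with is_local = true outside a transaction block has no lasting effect, so the EXECUTE belongs inside the transaction that needs the setting.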