On 2012-09-11, Raymond O'Donnell <[email protected]> wrote:
>
> BTW, it's a REALLY bad idea to build literal SQL queries from input
> values, as you're doing - you should use parameters and
> pg_query_params() instead.

Although (still) marked "experimental",
pg_insert and pg_update work really well;
the more recent pg_query_params still seems kind of dodgy.

-- 
⚂⚃ 100% natural



-- 
Sent via pgsql-general mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
