Gaetano Mendola wrote:
Shachar Shemesh wrote:
Tom Lane wrote:
Parameters are only supported in plannable statements
(SELECT/INSERT/UPDATE/DELETE; I think there is some hack for DECLARE
CURSOR these days too).
That's a shame.
Aside from executing prepared statements, parameters are also useful for preventing SQL injections. Under those cases, they are useful for all commands, not only those that can be prepared.
Oh well. I'm not sure whether that's extremely clever or downright insane, but I'm solving this problem by calling "Select quote_literal($1)" and "select quote_id($1)", and then using the results.
Create your own plpgsql function and call it.
In a way you can say I did `-). This is what I'm using:
http://gborg.postgresql.org/projects/oledb
-- Shachar Shemesh Lingnu Open Source Consulting ltd. http://www.lingnu.com/
---------------------------(end of broadcast)--------------------------- TIP 8: explain analyze is your friend
