Michael Fuhr wrote:

DBI? yes, $pg_dbh->quote('foo')



Yeah, I know about DBI, but since we currently can't use it in
trusted code I was wondering what we *could* use. With DBI I'd be
using placeholders wherever possible, but unless I've missed something
spi_exec_query() requires values to be interpolated into the query
string. Danger, danger.




One of the relatively unnoticed features of 8.0's plperl is %_SHARED. This is a hash available to all trusted and untrusted code, and can be used to store arbitrary objects. That includes references to subroutines. So you could have an init function that you call once per session that sets up some utility functions for you and stores them there. Writing a quote function should not be too hard. (Some automatically called init code is another item on the plperl agenda.)

moderately tested example:

-- set up the quote function
CREATE OR REPLACE FUNCTION myfuncs() RETURNS void LANGUAGE plperl AS $$
    $_SHARED{myquote} = sub
    {
        my $arg = shift;
        $arg =~ s/(['\\])/\\$1/g;
        return "'$arg'";
    };
$$;

SELECT myfuncs();

-- set up a function that uses the quote function
CREATE OR REPLACE FUNCTION use_quote(text) RETURNS text LANGUAGE plperl AS $$
    my $text_to_quote = shift;
    my $qfunc = $_SHARED{myquote};
    return &$qfunc($text_to_quote);
$$;

SELECT use_quote($$bl\ur'fl$$);



cheers

andrew
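
An added example, not part of the message above: the same %_SHARED pattern wired into spi_exec_query(), with a quoting closure that doubles single quotes and emits E'...' when backslashes are present, so the literal does not depend on the server's backslash handling. The table quote_demo and the functions init_quote() and count_notes() are hypothetical names, the sample rows are constructed, and the E'' syntax assumes PostgreSQL 8.1 or later.

```sql
-- Constructed sample data for the demonstration (hypothetical table).
CREATE TABLE quote_demo (id serial PRIMARY KEY, note text);
INSERT INTO quote_demo (note) VALUES ($$bl\ur'fl$$);
INSERT INTO quote_demo (note) VALUES ('plain');

-- Call once per session: stores a literal-quoting closure in %_SHARED.
CREATE OR REPLACE FUNCTION init_quote() RETURNS void LANGUAGE plperl AS $$
    $_SHARED{quote_literal} = sub {
        my $arg = shift;
        return 'NULL' unless defined $arg;   # SQL NULL arrives as undef
        $arg =~ s/'/''/g;                    # double quotes: valid in any string mode
        if ($arg =~ /\\/) {
            $arg =~ s/\\/\\\\/g;             # double each backslash ...
            return "E'$arg'";                # ... and force escape-string syntax
        }
        return "'$arg'";
    };
    return;
$$;

-- Trusted function that has to interpolate a value into the query text.
CREATE OR REPLACE FUNCTION count_notes(text) RETURNS integer LANGUAGE plperl AS $$
    my $quote = $_SHARED{quote_literal}
        or elog(ERROR, 'call init_quote() first in this session');
    my $rv = spi_exec_query(
        'SELECT count(*) AS n FROM quote_demo WHERE note = ' . $quote->($_[0]));
    return $rv->{rows}[0]{n};
$$;

SELECT init_quote();

-- A value containing both a backslash and a quote is matched as data.
SELECT count_notes($$bl\ur'fl$$);

-- A value shaped like an injection attempt is compared as one literal
-- and does not alter the WHERE clause.
SELECT count_notes($$x' OR '1'='1$$);
```

Because %_SHARED is per session, count_notes() raises an error instead of running an unquoted query if init_quote() has not been called yet.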
