Why are only select, insert, update, and delete supported for $X binds?
Why can't preparation be used as a global anti-injection facility?
Example using the backend protocol for binds:
PREPARE TRANSACTION $1;
bind $1 ['text']
-->syntax error at $1
Why am I able to prepare statements with the backend protocol that I
can't prepare with PREPARE:
agentm=# prepare gonk as prepare transaction $1;
ERROR: syntax error at or near "prepare" at character 17
LINE 1: prepare gonk as prepare transaction $1;
whereas the backend protocol only emits an error when the statement is
executed [and the binds are ignored].
-M
¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬
AgentM
[EMAIL PROTECTED]
¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬ ¬
---------------------------(end of broadcast)---------------------------
TIP 4: Have you searched our list archives?
http://archives.postgresql.org
