I sympathize, but using a prepared statement parameter requires support for the type of the parameter. If the library doesn't support it, you'll need to use strings (and escape them appropriately, though it looks like the library doesn't provide a string-escaping function), or else patch the library to provide support.
> On Jan 17, 2016, at 7:35 PM, Alexis King <[email protected]> wrote: > > I would like to avoid interpolating into a query if at all possible, > given that this string is not something I control. I could be very > careful about validating or sanitizing it, but this is a pretty textbook > use case for parameterized queries. > >> On Jan 17, 2016, at 16:19, Jon Zeppieri <[email protected]> wrote: >> >> How about: (query-exec conn (format "INSERT INTO some_table (ip) VALUES >> (inet '~a')" client-ip)) > -- You received this message because you are subscribed to the Google Groups "Racket Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
