| From: | Mary Anderson <maryfran(at)demog(dot)berkeley(dot)edu> |
|---|---|
| To: | pgsql-novice(at)postgresql(dot)org |
| Subject: | pg_prepare question |
| Date: | 2008-03-07 18:21:08 |
| Message-ID: | 47D18794.1020309@demog.berkeley.edu |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
Hi,
I know I should be using pg_prepare/pg_execute to make my PHP -
postgres code more secure. But I am wondering just what I can put in
for parameters: Here is a brief checklist:
1. values for inserted columns OK
2. names of inserted columns ????
3. names of tables ????
4. A whole select list e.g. "fu, bar" NOT OK
My application is a bit more complex than the ones shown in the books
and manuals. My data comes in as a large number of individual tables
which are sort of related (worldwide mortality statistics) but which
have widely differing table structures. So I am always creating
temporary tables to handle data input and output, and these tables have
variable column structure.
Thanks in advance
Mary
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Raimon Fernandez | 2008-03-07 18:49:04 | Re: numeric definition advice |
| Previous Message | Tom Lane | 2008-03-07 13:37:30 | Re: numeric definition advice |