At 10:30 PM 1/29/03 +0000, Nigel J. Andrews wrote:
>psql> create table mytab ( thetime timestamptz );
> $sth = $dbh->prepare('insert into mytab values ( ? )');
>where $thetime could hold 2003-01-29 13:45:06+00 _or_ current_timestamp.
>So just how do others manage this situation without resorting to special
I use 'now' instead of current_timestamp. Despite current_timestamp being
the SQL standard, I figure 'now' is the way to go. Based on recent posts I
gather that the developers have no plans to break that, so it'll be fine to
Naturally it doesn't work if the field type is text.
Loosely looking for current_timestamp and then not filtering can be
dangerous in uncontrolled environments. e.g. webapps - users could put
current_timestamp in a cgi parameter followed by not so nice SQL.
I suggest you put the functions and stuff in the main SQL, and leave the
placeholders for the data/variables. That way the changeable stuff gets
quoted, and the static stuff is known to be safe.
Hope this helps,
pgsql-general by date
|Next:||From: Lincoln Yeoh||Date: 2003-01-30 07:38:54|
|Subject: Re: Website troubles|
|Previous:||From: Dann Corbit||Date: 2003-01-30 07:16:25|
|Subject: Re: mass import to table with unique index|