On Wed, Jun 22, 2011 at 8:49 AM, Jean-Yves F. Barbier <12ukwn(at)gmail(dot)com> wrote:
> Hi list,
> As of '39.5: plpgsql-statements', it is said that using '$n' instead of a named
> variable is preferred and less sensitive to a SQL injection.
> Does it really mean if I use $n I don't have to 'quote_xxxxxx' any of these

That is correct. (by the way, we are talking about dynamic statements
with 'execute' here).
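
Added example, not part of the original thread: the same dynamic query written once with the value concatenated and quoted, and once with the value bound as `$1` through `EXECUTE ... USING`. It also covers the case `$n` does not: parameters only stand in for data values, so a dynamic table name still has to go through `quote_ident`. The table and function names are hypothetical and the rows are constructed sample data.

```sql
-- Hypothetical table with constructed sample rows.
CREATE TEMP TABLE accounts (id serial PRIMARY KEY, owner text, balance numeric);
INSERT INTO accounts (owner, balance) VALUES ('alice', 10), ('O''Brien', 20);

-- Value concatenated into the command string: it becomes part of the SQL
-- text, so it must be wrapped in quote_literal() every time.
CREATE FUNCTION count_by_owner_quoted(p_owner text) RETURNS bigint AS $$
DECLARE
    n bigint;
BEGIN
    EXECUTE 'SELECT count(*) FROM accounts WHERE owner = ' || quote_literal(p_owner)
       INTO n;
    RETURN n;
END;
$$ LANGUAGE plpgsql;

-- Value bound as $1: it is passed separately from the command string and is
-- never parsed as SQL, so no quote_xxx call is needed for it.
CREATE FUNCTION count_by_owner_bound(p_owner text) RETURNS bigint AS $$
DECLARE
    n bigint;
BEGIN
    EXECUTE 'SELECT count(*) FROM accounts WHERE owner = $1'
       INTO n
      USING p_owner;
    RETURN n;
END;
$$ LANGUAGE plpgsql;

-- $n cannot replace an identifier. A dynamic table or column name is still
-- inserted textually and needs quote_ident(); the value stays bound as $1.
CREATE FUNCTION count_rows(p_table text, p_owner text) RETURNS bigint AS $$
DECLARE
    n bigint;
BEGIN
    EXECUTE 'SELECT count(*) FROM ' || quote_ident(p_table) || ' WHERE owner = $1'
       INTO n
      USING p_owner;
    RETURN n;
END;
$$ LANGUAGE plpgsql;

-- A value containing an apostrophe is handled the same way by all three.
SELECT count_by_owner_quoted('O''Brien');
SELECT count_by_owner_bound('O''Brien');
SELECT count_rows('accounts', 'O''Brien');
```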