Skip site navigation (1) Skip section navigation (2)

Re: No parameters support in "create user"?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Shachar Shemesh <psql(at)shemesh(dot)biz>
Cc: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: No parameters support in "create user"?
Date: 2004-09-20 17:29:01
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
Shachar Shemesh <psql(at)shemesh(dot)biz> writes:
> Tom Lane wrote:
>> Parameters are only supported in plannable statements
>> (SELECT/INSERT/UPDATE/DELETE; I think there is some hack for DECLARE
>> CURSOR these days too).

> That's a shame.

> Aside from executing prepared statements, parameters are also useful for 
> preventing SQL injections. Under those cases, they are useful for all 
> commands, not only those that can be prepared.

Sure.  Are you volunteering to fix it?

			regards, tom lane

In response to

pgsql-hackers by date

Next:From: FxDate: 2004-09-20 17:32:09
Subject: How to change/replace an in-memory palloced tuple- tuple data
Previous:From: Tom LaneDate: 2004-09-20 17:24:47
Subject: Re: libpq and prepared statements progress for 8.0

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group