| From: | Oliver Jowett <oliver(at)opencloud(dot)com> |
|---|---|
| To: | Justin Waddell <jwaddell(at)gmail(dot)com> |
| Cc: | pgsql-jdbc(at)postgresql(dot)org |
| Subject: | Re: Cannot use prepared statements with create user command |
| Date: | 2006-08-23 06:31:50 |
| Message-ID: | 44EBF656.2000000@opencloud.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-jdbc |
Justin Waddell wrote:
>> From my research into this problem it seems like prepared statements
> have been deliberately left out of the create user command as they use
> a different type of parameter; this would be fine if the security hole
> wasn't there!
The JDBC driver can only put parameters in where the server-side grammar
allows it (it does not interpolate parameter values into the actual
query, it puts $1,$2,... placeholders in place of the ? placeholders and
passes the actual parameter values out-of-line from the query itself).
If you want to change the grammar, you need to take this up with the
backend developers.. the JDBC driver can't do anything about it.
-O
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Oliver Jowett | 2006-08-23 06:33:16 | Re: [JDBC] org.postgresql.util.PSQLException: An I/O error occured |
| Previous Message | surabhi.ahuja | 2006-08-23 05:12:34 | PSQLException An I/O error occured while sending to the backend |