From: | Mary Anderson <maryfran(at)demog(dot)berkeley(dot)edu> |
---|---|
To: | pgsql-novice(at)postgresql(dot)org |
Subject: | pg_prepare question |
Date: | 2008-03-07 18:21:08 |
Message-ID: | 47D18794.1020309@demog.berkeley.edu |
Lists: | pgsql-novice |

Hi,

I know I should be using pg_prepare/pg_execute to make my PHP - postgres code more secure. But I am wondering just what I can put in for parameters. Here is a brief checklist:

1. values for inserted columns OK
2. names of inserted columns ????
3. names of tables ????
4. A whole select list e.g. "fu, bar" NOT OK

My application is a bit more complex than the ones shown in the books and manuals. My data comes in as a large number of individual tables which are sort of related (worldwide mortality statistics) but which have widely differing table structures. So I am always creating temporary tables to handle data input and output, and these tables have variable column structure.

Thanks in advance

Mary
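
PostgreSQL prepared-statement parameters (`$1`, `$2`, ...) stand in for data values only, so table and column names have to be placed in the SQL text itself. The following is an added example, not part of the original message: it checks names against a list the application controls, quotes them, and leaves only the values to pg_prepare/pg_execute. The table name, column names, statement name and the helpers `quote_ident` and `build_insert` are constructed for illustration.

```php
<?php
// Added example; table/column names and helper functions are constructed.

// Quote an SQL identifier: wrap in double quotes, double any embedded quote.
// (With a live connection, pg_escape_identifier() does the same job.)
function quote_ident(string $name): string
{
    if ($name === '' || strpos($name, "\0") !== false) {
        throw new InvalidArgumentException('invalid identifier');
    }
    return '"' . str_replace('"', '""', $name) . '"';
}

// Build INSERT text for a table whose column set varies per data file.
// $allowed maps table name => columns the application itself created,
// e.g. recorded at the moment the temporary table was built.
function build_insert(string $table, array $columns, array $allowed): string
{
    if (!isset($allowed[$table]) || $columns === []) {
        throw new InvalidArgumentException("unknown table or no columns: $table");
    }
    $idents = [];
    $params = [];
    foreach (array_values($columns) as $i => $col) {
        if (!in_array($col, $allowed[$table], true)) {
            throw new InvalidArgumentException("unknown column: $col");
        }
        $idents[] = quote_ident($col);
        $params[] = '$' . ($i + 1); // placeholder for the value only
    }
    return 'INSERT INTO ' . quote_ident($table)
         . ' (' . implode(', ', $idents) . ')'
         . ' VALUES (' . implode(', ', $params) . ')';
}

// Constructed sample: one temporary table and the columns created for it.
$allowed = ['tmp_mortality' => ['country', 'year', 'deaths']];
$sql = build_insert('tmp_mortality', ['country', 'year', 'deaths'], $allowed);
echo $sql, "\n";

// With $db from pg_connect(), the values travel separately from the SQL text:
//   pg_prepare($db, 'ins_tmp', $sql);
//   pg_execute($db, 'ins_tmp', ['France', 1999, 12345]);

// A name that is not on the list never reaches the SQL text.
try {
    build_insert('tmp_mortality', ['country', 'deaths"; --'], $allowed);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```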