[GENERAL] ORDER BY in prepared statements

2015-01-21 Thread Bryn Jeffries
In a number of places on the web I've seen it claimed that ordering can be set via prepared statements. Indeed, the expected syntax is accepted on my 9.3 server without errors:
    sandbox=# CREATE TABLE test ( id serial PRIMARY KEY, gender char );
    sandbox=# INSERT INTO test(gender) VALUES('m')

Re: [GENERAL] ORDER BY in prepared statements

2015-01-21 Thread Bryn Jeffries
Sorry, I can't find any now. It's cropped up in a few forums, in the context of executing queries from web services. Clearly not significantly enough to show up in Google...

Re: [GENERAL] ORDER BY in prepared statements

2015-01-21 Thread Bryn Jeffries
Paul Jungwirth wrote:
> I'm not sure how to make a prepared statement that lets you name a column when you execute it. Maybe someone else can chime in if that's possible.
David J. responded:
> You cannot. By definition parameters, in this context, are values - not identifiers.
[...] In both

[GENERAL] Irreversible SET ROLE

2014-12-01 Thread Bryn Jeffries
Hi, I have a question about preventing SET ROLE from being reset within a session. I'll give some context for my question, but please note that the question is not restricted to the technologies (XWiki, Groovy) that I'm using. I'm working with a PostgreSQL 9.3 database that is interfaced via

Re: [GENERAL] Irreversible SET ROLE

2014-12-01 Thread Bryn Jeffries
Tom Lane wrote I have a question about preventing SET ROLE from being reset within a session. You can't; per SQL standard, SET ROLE NONE is supposed to do exactly that. I think you might be able to do something with invoking untrusted code inside a SECURITY DEFINER function. That context

Re: [GENERAL] Irreversible SET ROLE

2014-12-01 Thread Bryn Jeffries
Melvin Davidson wrote: The problem for me is that SET ROLE can be reversed with SET ROLE NONE or RESET ROLE, so a user could set the role to access rows that they should not be able to see. This is only partially true. While they can do SET ROLE NONE RESET ROLE, they Cannot SET ROLE to a