Surprised that this works:
echo ":foo" | psql --variable foo="SELECT 1 AS FOO;" template1Why doesn't `psql` escape parameters passed in through `--variable`. When I use a library in other languages, they will escape the variable. How do I use `psql` from `bash` so that it will escape variables and thwart SQL injection? -- Alan Gutierrez - @bigeasy -- Sent via pgsql-general mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
