Hi Yanni,
Then how do people sanitize the values to avoid SQL injection? I remember using prepared statements with PG back in PG 6.x with Perl's DBD::Pg; it was the recommended practice back then (circa '00).

As another example, some years ago we had some CPU issues with the DB server (Oracle 9i), because our ORM generated lots of queries, and each query needed to be compiled every time we ran it with different values.

Is there a plan to add support for this? My main concern now is not CPU but security.

Thanks in advance!

Esteban A. Maringolo

2013/10/29 Yanni Chiu <[email protected]>
> On 28/10/2013 1:59 PM, Esteban A. Maringolo wrote:
>
>> I'm using PGConnection from the PostgresV2 package.
>>
>> conn execute: 'SELECT * FROM MYTABLE WHERE COLUMN = ?' withAll: (Array with: columnValue)
>>
>> How can I do this?
>
> You cannot do it with the V2 protocol. I just looked over the postgres docs at:
>
> http://www.postgresql.org/docs/7.4/static/protocol.html
> http://www.postgresql.org/docs/7.3/static/protocol.html
>
> The feature you want is called "Extended Query" in the postgres docs, and it appears in PostgreSQL 7.4, but not in PostgreSQL 7.3.
>
> Note also that the V2 Frontend/Backend Protocol is used for PostgreSQL 7.3, whereas the V3 Protocol is used for PostgreSQL 7.4.
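An added example, not code from this thread or from the PostgresV2 package, of the fallback the question implies when the client protocol cannot send parameters separately: rendering each value as a properly quoted PostgreSQL string literal instead of concatenating it raw. It assumes plain (non-E'') literals, single quotes doubled, and backslashes doubled only when the server runs with standard_conforming_strings off; the statement and column names are the ones from the thread, and the injection-shaped input is a constructed test value.

```python
def quote_pg_literal(value: str, standard_conforming_strings: bool = True) -> str:
    """Render `value` as a PostgreSQL single-quoted string literal.

    Doubling single quotes is the SQL-standard escape; with
    standard_conforming_strings off (older servers) a backslash also escapes
    inside a plain literal, so it is doubled as well.
    """
    if "\x00" in value:
        # text cannot hold NUL; fail rather than let the server truncate silently
        raise ValueError("NUL byte not allowed in a PostgreSQL string literal")
    escaped = value.replace("'", "''")
    if not standard_conforming_strings:
        escaped = escaped.replace("\\", "\\\\")
    return "'" + escaped + "'"

def build_query_unsafe(column_value: str) -> str:
    # Raw concatenation: the value can close the literal and continue the statement.
    return "SELECT * FROM MYTABLE WHERE COLUMN = '" + column_value + "'"

def build_query_quoted(column_value: str) -> str:
    # Same statement, but the value is rendered as exactly one literal.
    return "SELECT * FROM MYTABLE WHERE COLUMN = " + quote_pg_literal(column_value)

def sql_skeleton(query: str) -> str:
    """Replace each single-quoted literal with '?' so the statement shape is visible.

    Check helper for this demo (assumes standard_conforming_strings on); not a full lexer.
    """
    out, i, n = [], 0, len(query)
    while i < n:
        if query[i] != "'":
            out.append(query[i])
            i += 1
            continue
        i += 1  # skip the opening quote
        while i < n:
            if query[i] == "'":
                if i + 1 < n and query[i + 1] == "'":  # doubled quote inside the literal
                    i += 2
                    continue
                break
            i += 1
        i += 1  # skip the closing quote (or run past an unterminated literal)
        out.append("?")
    return "".join(out)

if __name__ == "__main__":
    sample = "' OR 1=1 --"  # constructed test input, not from the thread
    print(sql_skeleton(build_query_unsafe(sample)))  # SELECT * FROM MYTABLE WHERE COLUMN = ? OR 1=1 --?
    print(sql_skeleton(build_query_quoted(sample)))  # SELECT * FROM MYTABLE WHERE COLUMN = ?
```

The skeleton check makes the difference visible without a server: the concatenated form leaves `OR 1=1` outside any literal, the quoted form keeps the statement shape unchanged. Quoting on the client still depends on knowing the server's string settings, which is why the protocol-level parameter passing Yanni points at is the preferable fix.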
