Re: [HACKERS] No parameters support in create user?

2004-09-21 Thread Shachar Shemesh
Gaetano Mendola wrote:
> Shachar Shemesh wrote:
>> Tom Lane wrote:
>>> Parameters are only supported in plannable statements
>>> (SELECT/INSERT/UPDATE/DELETE; I think there is some hack for DECLARE
>>> CURSOR these days too).
>>
>> That's a shame.
>> Aside from executing prepared statements, parameters are also useful
>> for preventing SQL injections. Under those cases, they are useful for
>> all commands, not only those that can be prepared.
>>
>> Oh well. I'm not sure whether that's extremely clever or downright
>> insane, but I'm solving this problem by calling Select
>> quote_literal($1) and select quote_id($1), and then using the
>> results.
>
> Create your own plpgsql function and call it.

In a way you can say I did `-). This is what I'm using:
http://gborg.postgresql.org/projects/oledb
--
Shachar Shemesh
Lingnu Open Source Consulting ltd.
http://www.lingnu.com/
---(end of broadcast)---
TIP 8: explain analyze is your friend


[HACKERS] No parameters support in create user?

2004-09-20 Thread Shachar Shemesh
Hi list,
When I try to create a user using the create user SQL command, where 
the command is being executed using the PQexecParams function from 
libpq, and the username and password are passed as text (oid 0x19) 
parameters (binary), I get a syntax error. The command I'm doing is:

create user $1 with encrypted password $2
Any idea why this is not working? Is it supposed to work? Trying to pass 
only the password as a parameter does not work either.

 Shachar
--
Shachar Shemesh
Lingnu Open Source Consulting ltd.
http://www.lingnu.com/


Re: [HACKERS] No parameters support in create user?

2004-09-20 Thread Tom Lane
Shachar Shemesh [EMAIL PROTECTED] writes:
> create user $1 with encrypted password $2

> Any idea why this is not working?

Parameters are only supported in plannable statements
(SELECT/INSERT/UPDATE/DELETE; I think there is some hack for DECLARE
CURSOR these days too).

regards, tom lane



Re: [HACKERS] No parameters support in create user?

2004-09-20 Thread Shachar Shemesh
Tom Lane wrote:
> Parameters are only supported in plannable statements
> (SELECT/INSERT/UPDATE/DELETE; I think there is some hack for DECLARE
> CURSOR these days too).

That's a shame.
Aside from executing prepared statements, parameters are also useful for
preventing SQL injections. Under those cases, they are useful for all
commands, not only those that can be prepared.

Oh well. I'm not sure whether that's extremely clever or downright
insane, but I'm solving this problem by calling Select
quote_literal($1) and select quote_id($1), and then using the results.

 Shachar
--
Shachar Shemesh
Lingnu Open Source Consulting ltd.
http://www.lingnu.com/
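
The two-step workaround described in this message, as an added example that is not code from the thread or from the oledb project: the username and password travel to the server only as parameters of a plain SELECT (which PQexecParams accepts), and the server-quoted results are then spliced into the CREATE USER text. The `run_query` callable and the `_fake_run_query` stand-in are assumptions made so the example runs without a server.

```python
from typing import Any, Callable, Sequence, Tuple

# Assumed interface: run_query(sql, params) -> list of row tuples, i.e. a thin
# wrapper around PQexecParams or a DB-API cursor.execute with $n placeholders.
RunQuery = Callable[[str, Sequence[Any]], list]


def quote_on_server(run_query: RunQuery, ident: str, literal: str) -> Tuple[str, str]:
    """Have the server quote the username as an identifier and the password as a
    literal. Only a SELECT is sent with parameters, which is the one place the
    thread says parameters work, so the raw values never touch the SQL text."""
    rows = run_query("SELECT quote_ident($1), quote_literal($2)", [ident, literal])
    return rows[0][0], rows[0][1]


def create_user_sql(run_query: RunQuery, username: str, password: str) -> str:
    """Build the CREATE USER statement from the server-quoted pieces."""
    q_user, q_pass = quote_on_server(run_query, username, password)
    return f"CREATE USER {q_user} WITH ENCRYPTED PASSWORD {q_pass}"


def _fake_run_query(sql: str, params: Sequence[Any]) -> list:
    """Offline stand-in (constructed for this example) that mimics the core rule
    of quote_ident (double-quote, double embedded quotes) and quote_literal
    (single-quote, double embedded quotes, E'' form when a backslash is present).
    The real server functions have extra rules, e.g. quote_ident leaves plain
    lowercase names unquoted; against a live database use the real thing."""
    assert sql == "SELECT quote_ident($1), quote_literal($2)"
    ident, literal = params
    q_ident = '"' + ident.replace('"', '""') + '"'
    body = literal.replace("'", "''")
    if "\\" in body:
        q_lit = "E'" + body.replace("\\", "\\\\") + "'"
    else:
        q_lit = "'" + body + "'"
    return [(q_ident, q_lit)]
```

With a real connection, `_fake_run_query` is replaced by a wrapper over PQexecParams; the CREATE USER string still goes through the unparameterised exec call, so everything untrusted must have passed through the SELECT first.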


Re: [HACKERS] No parameters support in create user?

2004-09-20 Thread Tom Lane
Shachar Shemesh [EMAIL PROTECTED] writes:
> Tom Lane wrote:
>> Parameters are only supported in plannable statements
>> (SELECT/INSERT/UPDATE/DELETE; I think there is some hack for DECLARE
>> CURSOR these days too).

> That's a shame.

> Aside from executing prepared statements, parameters are also useful for
> preventing SQL injections. Under those cases, they are useful for all
> commands, not only those that can be prepared.

Sure.  Are you volunteering to fix it?

regards, tom lane



Re: [HACKERS] No parameters support in create user?

2004-09-20 Thread Gaetano Mendola
Shachar Shemesh wrote:
> Tom Lane wrote:
>> Parameters are only supported in plannable statements
>> (SELECT/INSERT/UPDATE/DELETE; I think there is some hack for DECLARE
>> CURSOR these days too).
>
> That's a shame.
> Aside from executing prepared statements, parameters are also useful for
> preventing SQL injections. Under those cases, they are useful for all
> commands, not only those that can be prepared.
>
> Oh well. I'm not sure whether that's extremely clever or downright
> insane, but I'm solving this problem by calling Select
> quote_literal($1) and select quote_id($1), and then using the results.

Create your own plpgsql function and call it.
Regards
Gaetano Mendola
