2010/3/17 Allan Kamau:
> When writing dynamic commands (those having "EXECUTE 'some SQL
> query';), is there a way to prevent interpretation of input parameters
> as pieces of SQL commands? Does the quote_literal() function implicitly
> protect against this unwanted behaviour?
quote_literal, quote_id
On Wed, Mar 17, 2010 at 11:41 AM, Craig Ringer wrote:
> Allan Kamau wrote:
>> When writing dynamic commands (those having "EXECUTE 'some SQL
>> query';), is there a way to prevent interpretation of input parameters
>> as pieces of SQL commands?
>
> EXECUTE ... USING
>
> --
> Craig Ringer
>
Thanks
Allan Kamau wrote:
> When writing dynamic commands (those having "EXECUTE 'some SQL
> query';), is there a way to prevent interpretation of input parameters
> as pieces of SQL commands?
EXECUTE ... USING
--
Craig Ringer
--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To m
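
The EXECUTE ... USING answer above, worked through as an added example that is not part of the original thread: the same lookup written with string concatenation and then with USING. The table `accounts`, its rows and both function names are constructed for illustration; quote_ident() covers the table name because USING can only supply values, not identifiers.

```sql
-- Constructed sample table and rows (assumptions for this example).
CREATE TABLE accounts (id serial PRIMARY KEY, owner text, balance numeric);
INSERT INTO accounts (owner, balance) VALUES ('alice', 100), ('bob', 250);

-- Before: the parameter is spliced into the command text, so whatever it
-- contains is parsed as SQL together with the rest of the string.
CREATE FUNCTION count_rows_concat(p_owner text) RETURNS bigint AS $$
DECLARE
    n bigint;
BEGIN
    EXECUTE 'SELECT count(*) FROM accounts WHERE owner = ''' || p_owner || ''''
        INTO n;
    RETURN n;
END;
$$ LANGUAGE plpgsql;

-- After: the value travels separately from the command text as $1 and is
-- never parsed as SQL. The table name is an identifier, which USING cannot
-- supply, so it is escaped with quote_ident() before concatenation.
CREATE FUNCTION count_rows_using(p_table text, p_owner text) RETURNS bigint AS $$
DECLARE
    n bigint;
BEGIN
    EXECUTE 'SELECT count(*) FROM ' || quote_ident(p_table)
         || ' WHERE owner = $1'
        INTO n
        USING p_owner;
    RETURN n;
END;
$$ LANGUAGE plpgsql;

-- Same constructed input to both functions. In the first it closes the
-- string literal and adds an always-true condition to the WHERE clause;
-- in the second it is compared to the owner column as one plain string.
SELECT count_rows_concat($q$x' OR '1'='1$q$);
SELECT count_rows_using('accounts', $q$x' OR '1'='1$q$);

-- quote_literal(p_owner) concatenated into the string also keeps the value
-- a literal, but it returns NULL for NULL input, which makes the whole
-- command string NULL; quote_nullable() or USING avoids that case.
```

EXECUTE ... USING requires PostgreSQL 8.4 or later.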
When writing dynamic commands (those having "EXECUTE 'some SQL
query';), is there a way to prevent interpretation of input parameters
as pieces of SQL commands? Does the quote_literal() function implicitly
protect against this unwanted behaviour?
Allan.