Thanks for the replies,
Rodrigo E. De León Plicet [EMAIL PROTECTED] wrote:
Use a prepared query and ANY, e.g.:
select st_collect(the_geom) from tiles
where tilename = any('{foo,bar,baz}');
Thanks, that's what I was looking for!
$sql = select uid, accredited as acc, x(the_geom), y(the_geom) from
Steve Atkins wrote:
...
I count the number of values that I want to put in the IN () clause,
then create a query string with the right number of bind variables
in the in clause, then bind the values.
So for {1, 3, 5} I'd use select * from foo where bar in (?, ?, ?) and for
{1,5,7,9,11} I'd use
Hi All
I hope this isn't a FAQ, but does anyone have any suggestions as to
how to make a query that selects using:
where in(comma delimited list)
secure from an sql injection point of view?
I have grid of tiles I'm using to reference geographical points.
These tiles are identical to the tiling
I hope this isn't a FAQ, but does anyone have any
suggestions as to
how to make a query that selects using:
where in(comma delimited list)
secure from an sql injection point of view?
As the length of the comma delimited list is highly
variable I don't
think I can use a prepared query
On Thu, Apr 3, 2008 at 11:50 AM, William Temperley
[EMAIL PROTECTED] wrote:
This works very well, however I'm currently directly concatenating a sql
query:
select st_collect(the_geom) from tiles where tilename in
(comma delimited list))
Which leaves my application vulnerable to sql
On Thu, Apr 3, 2008 at 9:50 AM, William Temperley
[EMAIL PROTECTED] wrote:
Hi All
I hope this isn't a FAQ, but does anyone have any suggestions as to
how to make a query that selects using:
where in(comma delimited list)
secure from an sql injection point of view?
I have an idea, but I
On Apr 3, 2008, at 9:50 AM, William Temperley wrote:
Hi All
I hope this isn't a FAQ, but does anyone have any suggestions as to
how to make a query that selects using:
where in(comma delimited list)
secure from an sql injection point of view?
I have grid of tiles I'm using to reference
William Temperley wrote:
Hi All
I hope this isn't a FAQ, but does anyone have any suggestions as to
how to make a query that selects using:
where in(comma delimited list)
secure from an sql injection point of view?
I have grid of tiles I'm using to reference geographical points.
These tiles