Re: [Pharo-users] Prepared statements with PostgresV2

2013-10-29 Thread Yanni Chiu
On 29/10/2013 9:32 PM, Yanni Chiu wrote: Looking at the postgres docs, I see PREPARE and EXECUTE. I'll try to start up a postgres server, and see if I can get it to work. Here's an example: TestPGConnection new executeAll: #( 'PREPARE test1 (text,text,integer,text) AS INSERT INTO films (c

Re: [Pharo-users] Prepared statements with PostgresV2

2013-10-29 Thread Yanni Chiu
On 29/10/2013 4:56 AM, Esteban A. Maringolo wrote: I remember using prepared statements with PG back in PG 6.x with Perl's DBD::Pg, it was the recommended practice back then (circa '00). Hmm, you're right. Prepared statements are independent of the frontend/backend protocol that I had tunnel

Re: [Pharo-users] Prepared statements with PostgresV2

2013-10-29 Thread Esteban A. Maringolo
Hi Yanni, Then how do people sanitize the values to avoid SQL Injection? I remember using prepared statements with PG back in PG 6.x with Perl's DBD::Pg, it was the recommended practice back then (circa '00). As another example, some years ago we had some CPU issues with the DB server (Oracle 9

Re: [Pharo-users] Prepared statements with PostgresV2

2013-10-28 Thread Yanni Chiu
On 28/10/2013 1:59 PM, Esteban A. Maringolo wrote: I'm using PGConnection from the PostgresV2 package. conn execute: 'SELECT * FROM MYTABLE WHERE COLUMN = ?' withAll: (Array with: columnValue) How can I do this? You cannot do it with the V2 protocol. I just looked over the postgres docs at:

[Pharo-users] Prepared statements with PostgresV2

2013-10-28 Thread Esteban A. Maringolo
I'm using PGConnection from the PostgresV2 package. I'd like to use prepared statements to avoid SQL Injection and continuous recompilation of the query. E.g.: conn execute: 'SELECT * FROM MYTABLE WHERE COLUMN = ?' withAll: (Array with: columnValue) How can I do this? Regards,