Hi Guillaume, On Wed, Dec 31, 2008 at 1:12 AM, Guillaume Smet <guillaume.smet@xxxxxxxxx> wrote: > On Tue, Dec 30, 2008 at 7:59 PM, bricklen <bricklen@xxxxxxxxx> wrote: >> I would like to continue to use bind variables to prevent sql >> injection, but I'd like to force a plan re-parse for every single >> query (if necessary?) > > As far as I understand your problem, you don't care about using > prepared statements. > > If so, you can: > - either use pg_query_params(): > http://www.php.net/manual/en/function.pg-query-params.php > - or use an unnamed prepared statements when you don't want a prepared > statement if, for some reason, you really need to use prepared > statements in a few cases: you can specify an empty string as plan > name. The condition for this one is that you need to upgrade to a > recent version of 8.3 as postponed planning of unnamed prepared > statements is a new feature of 8.3 and was broken in 8.3.0 and 8.3.1. > > -- > Guillaume > I will look into the pg_query_params() function to see if it works for us. I don't think your second suggestion is going to work for us, since we are stuck on 8.2 for the foreseeable future. Thanks for the tips though, I appreciate it! Bricklen -- Sent via pgsql-performance mailing list (pgsql-performance@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-performance
