2010/3/17 Allan Kamau <kamauallan@xxxxxxxxx>: > When writing dynamic commands (those having "EXECUTE 'some SQL > query';), is there a way to prevent interpretation of input parameters > as pieces of SQL commands? Does quote_literal() function implicitly > protect against this unwanted behaviour. quote_literal, quote_identif are enough, but USING clause is better and faster. Sometimes you have to use a combination: execute 'select foo from ' || tabname::regclass || ' WHERE a = $1' USING value; Pavel > > Allan. > > -- > Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-general > -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
