On 2012-09-11, Raymond O'Donnell <rod@xxxxxx> wrote:
>
> BTW, it's a REALLY bad idea to build literal SQL queries from input
> values, as you're doing - you should use parameters and
> pg_query_params() instead.

Although (still) marked "experimental" pg_insert and pg_update work
really well the more recent pg_query_params still seems kind of dodgy.

--
⚂⚃ 100% natural

--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general