
Re: How does one make the following psql statement sql-injection resilient?


On Monday, March 16, 2015, Alvaro Herrera <alvherre@xxxxxxxxxxxxxxx> wrote:
> David G. Johnston wrote:
>
> > Thanks!  I got the gist even with the typo.  I actually pondered about
> > prepare/execute after hitting send.  Am I correct in remembering that
> > "CREATE TEMP TABLE" cannot be prepared?  I was using the actual query with
> > CREATE TEMP TABLE and then issuing "\copy" to dump the result out to the
> > file.  The limitation of copy to having to be written on a single line
> > makes the intermediary temporary table seem almost a necessity.
>
> CREATE TEMP TABLE AS EXECUTE


Thanks.

Though unless I need to work on the temp table I think:

PREPARE ...;
\copy (EXECUTE ...) TO '~/temp.csv' ...;

Gives the best of all worlds.

David J.
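
The temp-table route suggested in the thread (`CREATE TEMP TABLE AS EXECUTE`), written out as a psql script. This is an added example, not code from the thread; the `orders` table, the `customer` variable, the statement name and the output file are hypothetical, and the sample rows are constructed.

```sql
-- Added example (psql script). All object names are hypothetical.
-- Constructed sample data, including a row whose customer value looks
-- like an injection payload so the effect of binding is visible.
CREATE TEMP TABLE orders (id int, customer text, total numeric);
INSERT INTO orders VALUES
    (1, 'O''Brien', 10.50),
    (2, 'x'' OR ''1''=''1', 99.00),
    (3, 'Smith', 7.25);

-- Stand-in for an untrusted value; normally supplied from outside with
--   psql -v customer="..." -f export.sql
-- The value stored here is:  x' OR '1'='1
\set customer 'x'' OR ''1''=''1'

-- The statement text is fixed at PREPARE time; $1 is a typed parameter,
-- so the value can never change the shape of the query.
PREPARE orders_for(text) AS
    SELECT id, customer, total
      FROM orders
     WHERE customer = $1;

-- :'customer' makes psql emit the variable as a properly quoted SQL
-- literal. A bare :customer would splice the raw text into the statement.
CREATE TEMP TABLE export_rows AS
    EXECUTE orders_for(:'customer');

-- \copy takes the rest of its line literally and performs no variable
-- interpolation, so the value is bound above and \copy only dumps the
-- finished table. It must stay on a single line.
\copy export_rows TO 'export.csv' WITH (FORMAT csv, HEADER)

-- Only row 2 is exported: the payload was compared as data, not parsed
-- as SQL, so the OR clause never became part of the WHERE condition.
SELECT count(*) AS exported_rows FROM export_rows;

DEALLOCATE orders_for;
DROP TABLE export_rows;
```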
