Search Postgresql Archives

Re: PQexecParams, placeholders and variable lists of params

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Nov 23, 2021 at 7:21 AM <tomas@xxxxxxxxxx> wrote:
Makes sense. Problem is, that, again, the application would be
responsible of making sure the individual values don't contain nasty
stuff (for example, if they are strings) before consolidating them to
one PostgreSQL array literal.


So long as you actually pass the literal value via a parameter the worst problem you can have is a syntax error in converting the literal into whatever type is being cast to.

I personally tend to just build up a CSV-like string (my data is usually controlled enough the using the pipe symbol as a separator alleviates escaping concerns) and using string_to_array($1,'|') to get the array of values into the query.

David J.


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux