
Re: a stored procedure ..with integer as the parameter

On Tuesday, 25.10.2005, at 10:24 +0530, surabhi.ahuja wrote:
>  Oops, I am sorry,
> I mean from the client I'll be getting values (which I need to insert
> into the table) in the form of strings:
>  
> and i form the insert command as follows:
>  
> function(char *a, char *b, char *c)
> {
> char command[1024];
> sprintf(command, "select insert('%s','%s','%s')", a,b,c);
> execute the above command;
> }
>  
> the above is just the pseudo code
>  
> the stored procedure in turn is as follows (pseudocode):
>  
> insert(smallint , smallint, varchar(256))
> begin
> insert into table 1 values ($1, $2, $3);
> end

I'm not sure this serves much purpose if it isn't just
for experimenting ;)

char -> int is simply done by casting (even automatically)
so your insert reduces to:

INSERT INTO table1 (col_a,col_b,col_c) VALUES (a,b,c);

(with or w/o stored function)

Simply sprintf-ing into a string can be a very serious
security hole, btw.
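
The sprintf concern raised above, as an added example that is not part of the original thread: the client strings are validated against the function's declared argument types and kept separate from a fixed statement text, next to the quoted formatting pattern for comparison. It assumes the client uses libpq (the thread does not say which library); `is_smallint`, `bind_insert` and `quotes_after_formatting` are hypothetical helper names and the sample value is constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fixed statement text: client values are bound, never spliced into it. */
static const char *STMT = "select insert($1, $2, $3)";

/* Accept only a complete decimal number within PostgreSQL's smallint range. */
int is_smallint(const char *s)
{
    char *end;
    long v;
    if (s == NULL || *s == '\0') return 0;
    errno = 0;
    v = strtol(s, &end, 10);
    return errno == 0 && *end == '\0' && v >= -32768 && v <= 32767;
}

/* Validate, then fill params[]; 0 on success, -1 if rejected (length in bytes). */
int bind_insert(const char *a, const char *b, const char *c, const char *params[3])
{
    if (!is_smallint(a) || !is_smallint(b)) return -1;
    if (c == NULL || strlen(c) > 256) return -1;
    params[0] = a; params[1] = b; params[2] = c;
    return 0;
}

/* The quoted pattern, bounded with snprintf: three literals need exactly 6 quotes. */
int quotes_after_formatting(const char *a, const char *b, const char *c)
{
    char command[1024];
    const char *p;
    int n = 0;
    snprintf(command, sizeof command, "select insert('%s','%s','%s')", a, b, c);
    for (p = command; *p; p++) n += (*p == '\'');
    return n;
}

int main(void)
{
    const char *params[3];
    const char *name = "O'Brien";   /* constructed sample input */
    printf("formatted command has %d quotes\n", quotes_after_formatting("1", "2", name));
    /* With a live PGconn *conn: PQexecParams(conn, STMT, 3, NULL, params, NULL, NULL, 0); */
    if (bind_insert("1", "2", name, params) == 0)
        printf("bound: %s <- [%s] [%s] [%s]\n", STMT, params[0], params[1], params[2]);
    return 0;
}
```

An ordinary apostrophe already leaves the formatted command with an odd number of quotes, while the bound form carries the same value unchanged as data.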

