Re: DBD::PgSPI 0.02
Michael Fuhr <mike@fuhr.org>
From: Michael Fuhr <mike@fuhr.org>
To: alex@pilosoft.com
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Andrew Dunstan <andrew@dunslane.net>, Mike Rylander <mrylander@gmail.com>, pgsql-hackers@postgresql.org
Date: 2004-12-06T20:16:34Z
Lists: pgsql-hackers, pgsql-general
On Mon, Dec 06, 2004 at 03:02:45PM -0500, alex@pilosoft.com wrote:
> On Mon, 6 Dec 2004, Michael Fuhr wrote:
>
> > On Mon, Dec 06, 2004 at 02:34:33PM -0500, alex@pilosoft.com wrote:
> > >
> > > For quick access from trusted code, spi_exec should just do fine.
> >
> > BTW, does stock PL/Perl have functions for escaping identifiers,
> > strings, and binary strings?
>
> non-DBI? no.
>
> DBI? yes, $pg_dbh->quote('foo')
Yeah, I know about DBI, but since we currently can't use it in
trusted code I was wondering what we *could* use. With DBI I'd be
using placeholders wherever possible, but unless I've missed something
spi_exec_query() requires values to be interpolated into the query
string. Danger, danger.
--
Michael Fuhr
http://www.fuhr.org/~mfuhr/