Re: DBD::PgSPI 0.02

Michael Fuhr <mike@fuhr.org>

From: Michael Fuhr <mike@fuhr.org>
To: alex@pilosoft.com
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Andrew Dunstan <andrew@dunslane.net>, Mike Rylander <mrylander@gmail.com>, pgsql-hackers@postgresql.org
Date: 2004-12-06T20:16:34Z
Lists: pgsql-hackers, pgsql-general
On Mon, Dec 06, 2004 at 03:02:45PM -0500, alex@pilosoft.com wrote:
> On Mon, 6 Dec 2004, Michael Fuhr wrote:
> 
> > On Mon, Dec 06, 2004 at 02:34:33PM -0500, alex@pilosoft.com wrote:
> > > 
> > > For quick access from trusted code, spi_exec should just do fine.
> > 
> > BTW, does stock PL/Perl have functions for escaping identifiers,
> > strings, and binary strings?
>
> non-DBI? no.
> 
> DBI? yes, $pg_dbh->quote('foo')

Yeah, I know about DBI, but since we currently can't use it in
trusted code I was wondering what we *could* use.  With DBI I'd be
using placeholders wherever possible, but unless I've missed something
spi_exec_query() requires values to be interpolated into the query
string.  Danger, danger.

-- 
Michael Fuhr
http://www.fuhr.org/~mfuhr/