Surprised that this works:
echo ":foo" | psql --variable foo="SELECT 1 AS FOO;" template1
Why doesn't `psql` escape parameters passed in through `--variable`. When I use
a library in other languages, they will escape the variable.
How do I use `psql` from `bash` so that it will escape variables and thwart SQL
injection?
--
Alan Gutierrez - @bigeasy
--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
