2010/12/5 Marc Balmer <m...@msys.ch>: > I am suggesting adding a function to libpq: > > PGresult *PQvexec(PGconn *conn, const char *fmt, ...); > > It behaves similar to PQexec, but it allows for printf style varargs and > does connection re-establishing if the connection fails (it can be > discussed if this already to much magic, maybe remove this part). It > has been carefully designed to handle memory the right way. We use this > since a long time. > > What do you think? >
It's depend on implementation, but it can be a great security hole - see SQL injection Regards Pavel Stehule > > -- > Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-hackers > > -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
