On 29/10/2013 9:32 PM, Yanni Chiu wrote:
> Looking at the postgres docs, I see PREPARE and EXECUTE. I'll try to
> start up a postgres server, and see if I can get it to work.
Here's an example:

    TestPGConnection new executeAll: #(
        'PREPARE test1 (text,text,integer,text) AS
            INSERT INTO films (code, title, did, kind)
            VALUES ($1,$2,$3,$4)'
        'EXECUTE test1(''T_601'', ''Yojimbo'', 106, ''Drama'')'
    ).

    TestPGConnection new executeAll: #(
        'PREPARE test2 (text) AS SELECT * FROM films WHERE code LIKE $1'
        'EXECUTE test2(''%0%'')'
    ).

    TestPGConnection new executeAll: #(
        'EXECUTE test2(''%1%'')'
    ).

But, the third example returned:

    ERROR: prepared statement "test2" does not exist

So it seems to not remember the prepared statements across connection
cycles. Re-sending the prepared statement isn't good for performance,
but it does solve your security issue.
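
The per-connection scope of PREPARE described above, as an added example that is not part of the original message: a Python sketch that builds the list of statements to hand to something like `executeAll:`, sending PREPARE only once per connection and rendering every EXECUTE argument as a quoted literal. The helper names `pg_literal` and `statements_to_send` are hypothetical, and the code assumes `standard_conforming_strings = on` and a UTF-8 client encoding.

```python
# Added example; helper names are hypothetical, not from the original post.
# Assumes standard_conforming_strings = on and a UTF-8 client encoding.

# PREPARE texts taken from the message above, keyed by statement name.
DEFINITIONS = {
    "test1": "PREPARE test1 (text,text,integer,text) AS "
             "INSERT INTO films (code, title, did, kind) "
             "VALUES ($1,$2,$3,$4)",
    "test2": "PREPARE test2 (text) AS "
             "SELECT * FROM films WHERE code LIKE $1",
}

def pg_literal(value):
    """Render one EXECUTE argument as a PostgreSQL literal."""
    if value is None:
        return "NULL"
    if isinstance(value, bool):          # check before int: bool is an int
        return "TRUE" if value else "FALSE"
    if isinstance(value, int):
        return str(value)
    if isinstance(value, str):
        if "\x00" in value:
            raise ValueError("NUL is not valid in a text value")
        # Doubling the quote keeps the whole value inside one literal.
        return "'" + value.replace("'", "''") + "'"
    raise TypeError("unsupported argument type: %r" % type(value))

def statements_to_send(prepared_in_session, name, args):
    """Return the SQL batch for one call on one connection.

    prepared_in_session is a set owned by the connection object; a new
    connection starts with an empty set, so PREPARE is sent again.
    """
    batch = []
    if name not in prepared_in_session:
        batch.append(DEFINITIONS[name])  # KeyError for unknown names
        prepared_in_session.add(name)
    rendered = ", ".join(pg_literal(a) for a in args)
    batch.append("EXECUTE %s(%s)" % (name, rendered))
    return batch

if __name__ == "__main__":
    session = set()                      # constructed: first connection
    print(statements_to_send(session, "test2", ["%0%"]))
    print(statements_to_send(session, "test2", ["%1%"]))
    print(statements_to_send(set(), "test1",     # constructed: reconnect
                             ["T_602", "Howl's Moving Castle", 107, "Anime"]))
```
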