Re: Protection from SQL injection

"Scott Marlowe" <scott.marlowe@gmail.com> writes:
> Agreed.  My point was that to do what the OP wants, wouldn't it make
> more sense to just lobotomize libpq so it doesn't understand anything
> but prepared queries.

I doubt that that particular lobotomization accomplishes much in
comparison to the penalties.

IIRC there was some discussion recently of providing a mode in which
the server would reject PQexec strings containing more than one query.
I didn't care for it much at the time, but I think it would provide
most of the benefit of these suggestions with far less compatibility
or performance hit.
        regards, tom lane