Re: No parameters support in "create user"?

Shachar Shemesh wrote:
> Tom Lane wrote:
> 
>> Parameters are only supported in plannable statements
>> (SELECT/INSERT/UPDATE/DELETE; I think there is some hack for DECLARE
>> CURSOR these days too).
>>  
>>
> That's a shame.
> 
> Aside from executing prepared statements, parameters are also useful for 
> preventing SQL injections. Under those cases, they are useful for all 
> commands, not only those that can be prepared.
> 
> Oh well. I'm not sure whether that's extremely clever or downright 
> insane, but I'm solving this problem by calling "Select 
> quote_literal($1)" and "select quote_id($1)", and then using the results.

Create your own plpgsql function and call it.


Regards
Gaetano Mendola