Re: No parameters support in "create user"?
From | Shachar Shemesh |
---|---|
Subject | Re: No parameters support in "create user"? |
Date | |
Msg-id | 414FD05D.4000505@shemesh.biz |
In reply to | Re: No parameters support in "create user"? (Gaetano Mendola <mendola@bigfoot.com>) |
List | pgsql-hackers |
Gaetano Mendola wrote:

> Shachar Shemesh wrote:
>
>> Tom Lane wrote:
>>
>>> Parameters are only supported in plannable statements
>>> (SELECT/INSERT/UPDATE/DELETE; I think there is some hack for DECLARE
>>> CURSOR these days too).
>>
>> That's a shame.
>>
>> Aside from executing prepared statements, parameters are also useful
>> for preventing SQL injections. Under those cases, they are useful for
>> all commands, not only those that can be prepared.
>>
>> Oh well. I'm not sure whether that's extremely clever or downright
>> insane, but I'm solving this problem by calling "Select
>> quote_literal($1)" and "select quote_id($1)", and then using the
>> results.
>
> Create your own plpgsql function and call it.

In a way you can say I did `-). This is what I'm using:
http://gborg.postgresql.org/projects/oledb

--
Shachar Shemesh
Lingnu Open Source Consulting ltd.
http://www.lingnu.com/
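
The workaround discussed in this message, as an added example that is not part of the original post or of the OLE DB provider's code: the values are quoted on the server with `quote_ident` (PostgreSQL's identifier-quoting function) and `quote_literal`, then spliced into the `CREATE USER` text. The names `create_login_role`, `p_name`, `p_password` and `quote_parts` are hypothetical, and the sample values are constructed.

```sql
-- Added example; create_login_role and its parameter names are hypothetical.
CREATE OR REPLACE FUNCTION create_login_role(p_name text, p_password text)
RETURNS void
LANGUAGE plpgsql
AS $$
BEGIN
    -- quote_ident()/quote_literal() return NULL for NULL input, which would
    -- turn the whole concatenated command into NULL; reject that up front.
    IF p_name IS NULL OR p_password IS NULL THEN
        RAISE EXCEPTION 'user name and password must not be NULL';
    END IF;

    -- CREATE USER is a utility statement and takes no $n parameters, so the
    -- values are quoted by the server and spliced into the command text.
    EXECUTE 'CREATE USER ' || quote_ident(p_name)
         || ' PASSWORD '   || quote_literal(p_password);
END;
$$;

-- The call itself is a plain SELECT, so a client can bind both values as
-- ordinary parameters ($1, $2). Constructed sample values with embedded quotes:
SELECT create_login_role('o"brien', 'it''s a secret');

-- The two-step client-side variant from the message: fetch the quoted forms
-- with a parameterized SELECT, then build the CREATE USER text from the results.
PREPARE quote_parts(text, text) AS
    SELECT quote_ident($1) AS user_ident, quote_literal($2) AS password_literal;
EXECUTE quote_parts('o"brien', 'it''s a secret');
DEALLOCATE quote_parts;
```

Because the password ends up in the text of a command, it can be written to the server log when statement logging is enabled.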