You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
PQexec directly runs a single string command and returns a result.
PQexecParams implements a parameterized statement.
Placeholders are represented in the command as $1, $2, etc.,
and the parameter values are supplied as separate parameters in the same call.
PQprepare implements a prepared statement.
It takes a statement with placeholders and
submits it to the database to be prepared.
Users can later use the separate PQexecPrepared call
to provide the placeholder parameter values and execute the resulting
command.
Users should use the latter two for non-constant queries.
The text was updated successfully, but these errors were encountered:
Warn when PostgreSQL's PQExec is called with a non-constant, to warn about SQL injection.
The PostgreSQL
libpqC interface provides several functions, as explained in the PostgreSQL (Command Execution Functions) documentation:PQexecdirectly runs a single string command and returns a result.PQexecParamsimplements a parameterized statement.Placeholders are represented in the command as
$1,$2, etc.,and the parameter values are supplied as separate parameters in the same call.
PQprepareimplements a prepared statement.It takes a statement with placeholders and
submits it to the database to be prepared.
Users can later use the separate
PQexecPreparedcallto provide the placeholder parameter values and execute the resulting
command.
Users should use the latter two for non-constant queries.
The text was updated successfully, but these errors were encountered: