Using parameter values for schema and table in Postgresql

后端 未结 1 423
逝去的感伤
逝去的感伤 2021-01-26 20:32

I\'m trying to use a query where the schema and table are passed as parameters into a prepared statement using pg_quer

相关标签:
1条回答
  • 2021-01-26 20:57

    In a parameterized SQL statement (which is a prepared statement in PostgreSQL), parameters can only stand for constant values, not for table or column names.

    This limitation is enforced by PostgreSQL, and there is no way around it, no matter what programming language or driver you use. This is also intentional and not a bug.

    You will have to compose a string that contains the complete SQL statement with table and column names substituted and execute that. Beware of SQL injection – use functions like pg_escape_identifier to escape names.

    0 讨论(0)
提交回复
热议问题