I know I should be using pg_prepare/pg_execute to make my PHP -
postgres code more secure. But I am wondering just what I can put in
for parameters: Here is a brief checklist:
1. values for inserted columns OK
2. names of inserted columns ????
3. names of tables ????
4. A whole select list e.g. "fu, bar" NOT OK
My application is a bit more complex than the ones shown in the books
and manuals. My data comes in as a large number of individual tables
which are sort of related (worldwide mortality statistics) but which
have widely differing table structures. So I am always creating
temporary tables to handle data input and output, and these tables have
variable column structure.
Thanks in advance