On Tue, Dec 30, 2008 at 7:59 PM, bricklen <bricklen@gmail.com> wrote:
> I would like to continue to use bind variables to prevent sql
> injection, but I'd like to force a plan re-parse for every single
> query (if necessary?)
As far as I understand your problem, you don't care about using
prepared statements.
If so, you can:
- either use pg_query_params():
http://www.php.net/manual/en/function.pg-query-params.php
- or use an unnamed prepared statements when you don't want a prepared
statement if, for some reason, you really need to use prepared
statements in a few cases: you can specify an empty string as plan
name. The condition for this one is that you need to upgrade to a
recent version of 8.3 as postponed planning of unnamed prepared
statements is a new feature of 8.3 and was broken in 8.3.0 and 8.3.1.
--
Guillaume
