SPI_execute_with_args
SPI_execute_with_args — execute a command with out-of-line parameters
Synopsis
int SPI_execute_with_args(const char *command, intnargs, Oid *argtypes, Datum *values, const char *nulls, boolread_only, longcount)
Description
SPI_execute_with_args executes a command that might include references to externally supplied parameters. The command text refers to a parameter as$, and the call specifies data types and values for each such symbol.nread_only andcount have the same interpretation as inSPI_execute.
The main advantage of this routine compared toSPI_execute is that data values can be inserted into the command without tedious quoting/escaping, and thus with much less risk of SQL-injection attacks.
Similar results can be achieved withSPI_prepare followed bySPI_execute_plan; however, when using this function the query plan is always customized to the specific parameter values provided. For one-time query execution, this function should be preferred. If the same command is to be executed with many different parameters, either method might be faster, depending on the cost of re-planning versus the benefit of custom plans.
Arguments
const char *commandcommand string
intnargsnumber of input parameters (
$1,$2, etc.)Oid *argtypesan array of length
nargs, containing theOIDs of the data types of the parametersDatum *valuesan array of length
nargs, containing the actual parameter valuesconst char *nullsan array of length
nargs, describing which parameters are nullboolread_onlylongcount