The latest driver on sourceforge includes pseudo-bind variable
support. Even more importantly (since you hardly really need to use
explicit bind list), the cool ns_ora feature to automatically look up
Tcl values for you works.
A query like this:
ns_pg_bind select $db "select foo from bar where foo_key = :tcl_value"
will lookup tcl_value in your Tcl environment, then do the equivalent of:
ns_db select $db "select foo from bar where foo_key = '$tcl_value'"
The value's quoted so you can't do SQL smuggling ('35' and 35 used for
values in PG result in *exactly* the same query plan and '35 union
select <smuggled sql>' will give a string-to-int conversion error).
Even better, ns_pg_bind does the equivalent of DoubleApos so you don't
need to do that yourself anymore (Oracle bind vars are real values so
you don't need to DoubleApos them so ns_pg_bind does it for you to
keep the db api the same for both).
All this is in the current driver and has been somewhat tested by Dan
and I (Dan did most of the work).
I expect to commit the first version of the PG 4x db api tomorrow or
wednesday AM...
