This PR queries Postgres using simple queries, rather than prepared statements. This allows Flodgatt to work with PG Bouncer, which does not support prepared statements.
One downside to moving away from prepared statements is that prepared statements fully prevent SQL injection attacks; this change gives up that protection and instead relies on sanitizing input. Because our only user-supplied input is alphanumeric, this should be reliable, but I still want to flag it here since prepared statements are generally considered best practice.
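The description above relies on the user-supplied value being alphanumeric rather than on parameter binding. The following is an added example, not Flodgatt's own code, showing what that reliance looks like when enforced explicitly: an allow-list check that rejects anything outside `[A-Za-z0-9]` before the value is interpolated into a simple-protocol query string. The function names (`validate_token`, `build_query`), the `MAX_LEN` bound, and the `accounts`/`access_token` table and column names are placeholders chosen for illustration, not taken from the project.

```rust
// Added example (not from the Flodgatt codebase). Enforces the "input is
// alphanumeric" assumption at the boundary instead of trusting it, so the
// interpolated literal can never close its quotes, add a statement, or
// start a comment. Names and the length bound are assumptions for this demo.

/// Assumed upper bound on a token's length (not specified by the PR).
pub const MAX_LEN: usize = 64;

#[derive(Debug, PartialEq)]
pub enum InputError {
    Empty,
    TooLong(usize),
    InvalidChar(char),
}

/// Accept only ASCII letters and digits. `is_ascii_alphanumeric` is used
/// deliberately: `char::is_alphanumeric` would also accept non-ASCII letters,
/// which is broader than the guarantee the PR relies on.
pub fn validate_token(input: &str) -> Result<&str, InputError> {
    if input.is_empty() {
        return Err(InputError::Empty);
    }
    if input.len() > MAX_LEN {
        return Err(InputError::TooLong(input.len()));
    }
    match input.chars().find(|c| !c.is_ascii_alphanumeric()) {
        Some(c) => Err(InputError::InvalidChar(c)),
        None => Ok(input),
    }
}

/// Build the query text sent over the simple query protocol. The value is
/// only interpolated after `validate_token` has accepted it, so the resulting
/// string contains exactly one literal with no quote or control characters.
/// Table and column names here are hypothetical placeholders.
pub fn build_query(token: &str) -> Result<String, InputError> {
    let t = validate_token(token)?;
    Ok(format!(
        "SELECT id FROM accounts WHERE access_token = '{}'",
        t
    ))
}

fn main() {
    // Constructed sample inputs: one well-formed token, one containing a
    // quote character that the allow-list must reject before any SQL is built.
    for candidate in ["abc123XYZ", "abc'x", ""] {
        match build_query(candidate) {
            Ok(sql) => println!("accepted {:?} -> {}", candidate, sql),
            Err(e) => println!("rejected {:?}: {:?}", candidate, e),
        }
    }
}
```

The check runs before any string is assembled, so a rejected value never reaches the query builder; keeping the validator as a separate function also makes it the single place to audit if the set of user-supplied inputs ever grows beyond alphanumeric tokens.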