I tried to do this:
COPY postgres_log FROM $1 WITH csv;
And with a separately sent file path, like I make all normal queries (SELECT/UPDATE/INSERT/DELETE). However, it gives:
ERROR: syntax error at or near "$1"
Um… So does that mean that I'm forced to send it a scary string like this?
COPY postgres_log FROM '/full/path/to/logfileblablabla.csv' WITH csv;
If so, why? Why don't all query types support the parameterized queries interface? Isn't this like asking to enable SQL query injection vulnerabilities?