I have up to 100 elements that I would like to insert in one batch operation. I do it like this:
INSERT INTO MyTable (f1, f2, ..., fk) VALUES
(v11, v12, ..., v1k),
(v21, v22, ..., v2k),
...
(vn1, vn2, ..., vnk)
Everything is fine, but I am building this line by combining the values as is, which means that my code is vulnerable to SQL injection.
How can I continue to use bulk insert syntax, on the one hand, but be protected from SQL injection?
EDIT 1
I would like to provide a little more context. The actual SQL that I am going to use (writing code at this very moment) has the following form:
WITH new_parent AS (
INSERT into parent (g1, g2, ..., gm) VALUES (v1, v2, ..., vm) RETURNING id
) INSERT INTO MyTable (parent_id, f1, f2, ..., fk) VALUES
(new_parent.id, v11, v12, ..., v1k),
(new_parent.id, v21, v22, ..., v2k),
...
(new_parent.id, vn1, vn2, ..., vnk)