2011/3/21 Vibhor Kumar :
>
> On Mar 22, 2011, at 1:52 AM, Pavel Stehule wrote:
>
>> simply thinks as using USAGE clause or functions quote_ident,
>> quote_literal are faster and absolutly secure :). Software like SQL
>
> I don't think usage of quote_ident in current requirement of user, would
> pr
On Mar 22, 2011, at 1:52 AM, Pavel Stehule wrote:
> simply thinks as using USAGE clause or functions quote_ident,
> quote_literal are faster and absolutly secure :). Software like SQL
I don't think usage of quote_ident in current requirement of user, would
prevent sql injection.
Running sql mul
2011/3/21 Vibhor Kumar :
>
> On Mar 22, 2011, at 1:32 AM, Pavel Stehule wrote:
>
>> it can work too, but there is sql injection risk.
>>
>> Do newer 'SELECT ... FROM ' || tabname || ' ...
>>
>> Regards
>>
>> Pavel Stehule
>
> Yes true. Same with the following too:
> CREATE FUNCTION foo(tablename te
On Mar 22, 2011, at 1:32 AM, Pavel Stehule wrote:
> it can work too, but there is sql injection risk.
>
> Do newer 'SELECT ... FROM ' || tabname || ' ...
>
> Regards
>
> Pavel Stehule
Yes true. Same with the following too:
CREATE FUNCTION foo(tablename text)
RETURNS SETOF text AS $$
BEGIN
RET
2011/3/21 Vibhor Kumar :
>
> On Mar 21, 2011, at 11:13 PM, Jon Smark wrote:
>
>>
>> Is there any way for a SQL or PL/pgSQL function to receive a table
>> as parameter? As an illustration, consider the dummy example below.
>> Note that functions get_from_data1 and get_from_data2 follow essentially
On Mar 21, 2011, at 11:13 PM, Jon Smark wrote:
>
> Is there any way for a SQL or PL/pgSQL function to receive a table
> as parameter? As an illustration, consider the dummy example below.
> Note that functions get_from_data1 and get_from_data2 follow essentially
> the same pattern; it would
Hello
2011/3/21 Jon Smark :
> Hi,
>
> Is there any way for a SQL or PL/pgSQL function to receive a table
> as parameter? As an illustration, consider the dummy example below.
> Note that functions get_from_data1 and get_from_data2 follow essentially
> the same pattern; it would be nice to define
Hi,
Is there any way for a SQL or PL/pgSQL function to receive a table
as parameter? As an illustration, consider the dummy example below.
Note that functions get_from_data1 and get_from_data2 follow essentially
the same pattern; it would be nice to define instead a single polymorphic
function
