From: | Andreas Joseph Krogh <andreak(at)officenet(dot)no> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: Table name as parameter |
Date: | 2011-05-10 20:37:07 |
Message-ID: | 4DC9A1F3.5060504@officenet.no |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On 05/09/2011 10:59 PM, Adrian Klaver wrote:
> On 05/09/2011 12:33 PM, Sairam Krishnamurthy wrote:
>> All,
>>
>> I have a function that takes the table name the parameter. After some
>> digging I found that this can be made possible by have the query as a
>> string and EXECUTE it.
>>
>> EXECUTE 'SELECT * FROM "' || table || '" WHERE <condition>';
>>
>> The above works.
>>
>> But I want the result in a record variable for further processing. So my
>> query actually is
>>
>> EXECUTE 'SELECT * FROM "' || table || '" INTO "record_data" WHERE
>> <condition>';
>
> Try.:
>
> EXECUTE 'SELECT * FROM "' || table || '" WHERE
> <condition>' INTO record_data;
Or even safer (to avoid SQL-injection attacs): EXECUTE 'SELECT * FROM '
|| quote_ident(table_name) || ' WHERE some_column = ' ||
quote_literal(some_value)
--
Andreas Joseph Krogh <andreak(at)officenet(dot)no>
Senior Software Developer / CTO
Public key: http://home.officenet.no/~andreak/public_key.asc
------------------------+---------------------------------------------+
OfficeNet AS | The most difficult thing in the world is to |
Rosenholmveien 25 | know how to do a thing and to watch |
1414 Trollåsen | somebody else doing it wrong, without |
NORWAY | comment. |
Org.nr: NO 981 479 076 | |
| |
Tlf: +47 24 15 38 90 | |
Fax: +47 24 15 38 91 | |
Mobile: +47 909 56 963 | |
------------------------+---------------------------------------------+
From | Date | Subject | |
---|---|---|---|
Next Message | Eric Ridge | 2011-05-10 22:46:49 | Index bloat with "USING GIN(varchar[])" index? |
Previous Message | Vlad Romascanu | 2011-05-10 20:31:37 | One-off attempt at catalog hacking to turn bytea column into text |