PL/pgSQL EXECUTE quote_ident(), and SQL injection

Is there any known way to inject SQL into a function similar to this?

create function testinjection(text,integer)
 returns void as
$BODY$
declare
begin
execute 'update '||quote_ident($1)||' set c=null where id='||$2;
return;
end;
$BODY$
language 'plpgsql' volatile security definer;
grant execute on function testinjection(text,integer) to public;