Re: eval function
| From | David Johnston |
|---|---|
| Subject | Re: eval function |
| Date | |
| Msg-id | 019401cc4d38$37d2a200$a777e600$@yahoo.com |
| In reply to | Re: eval function (Tom Lane <tgl@sss.pgh.pa.us>) |
| Responses | Re: eval function, Re: eval function |
| List | pgsql-general |
> Merlin Moncure <mmoncure@gmail.com> writes:
>> Couple points:
>> *) why a special case for boolean values?
>
> That seemed weird to me too ...
>
>> *) this should be immutable
>
> What if the passed expression is volatile? Better to be safe.

---------------------------------

At best, based upon the example using "current_timestamp()", you could only mark it as being stable, right?

Also not mentioned: what risk is there of this function being hacked? It places the supplied data within a "SELECT (....) AS column_alias" structure, so it seems to be pretty safe, but can you devise a string that would, say, delete data or something similar? I would expect the following: '1); DELETE FROM table; SELECT (2' to be dangerous. What functions would you use to make the input string safe? Does "quote_literal()" plug this hole?

Thanks,

David J.
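To make the question above concrete, here is an added example (not code from this thread or from the eval function under discussion) of a PL/pgSQL eval built the way the message describes, with notes on what quote_literal() does and does not buy you. The function name eval_expr and the role name trusted_analyst are assumptions for illustration.

```sql
-- Added example, not the thread's own code. eval_expr is an assumed name for a
-- function that splices caller text into "SELECT (...) AS column_alias".
CREATE OR REPLACE FUNCTION eval_expr(expr text) RETURNS text
LANGUAGE plpgsql STABLE AS $$
DECLARE
    result text;
BEGIN
    -- Plain concatenation: the caller's text is parsed as SQL, so anything
    -- that closes the parenthesis is free to continue with more SQL. That is
    -- arbitrary SQL execution by design; it is the purpose of an eval function.
    -- Marking the function STABLE (not IMMUTABLE, as Tom notes) has a side
    -- benefit: PostgreSQL rejects top-level data-modifying statements issued
    -- through EXECUTE inside a non-volatile function. Reads still go through,
    -- so this is a guard rail, not a security boundary.
    EXECUTE 'SELECT (' || expr || ') AS column_alias' INTO result;
    RETURN result;
END
$$;

-- quote_literal() does stop injection, but only by turning the input into a
-- string literal. The expression is then never evaluated at all:
--   SELECT quote_literal('1 + 1');                    -- yields the text '1 + 1'
--   EXECUTE 'SELECT (' || quote_literal(expr) || ')'  -- returns '1 + 1', not 2
-- So it "plugs the hole" by removing the eval semantics the function exists for.

-- Hardening that keeps eval semantics treats the function as what it is, an
-- entry point for arbitrary SQL: never SECURITY DEFINER, and callable only by
-- roles you would already trust to run that SQL directly. trusted_analyst is an
-- assumed role name.
REVOKE EXECUTE ON FUNCTION eval_expr(text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION eval_expr(text) TO trusted_analyst;

-- Where only values (not expressions) need to come from the caller, pass them
-- as parameters instead of splicing text; the planner sees them as data:
--   EXECUTE 'SELECT ($1::numeric + $2::numeric)' INTO result USING a, b;
```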