Re: passing schema name and table name as parameter functions in postgresql 9.2

From Pavel Stehule
Subject Re: passing schema name and table name as parameter functions in postgresql 9.2
Date
Msg-id CAFj8pRBAEYZzeeuRjxH5DzvjiZusZEcvVPE7L3GNS04AUgq_LQ@mail.gmail.com
In response to passing schema name and table name as parameter functions in postgresql 9.2  (anushasrivastava03 <anushasrivastava03@yahoo.co.in>)
Responses Re: passing schema name and table name as parameter functions in postgresql 9.2  (anushasrivastava03 <anushasrivastava03@yahoo.co.in>)
List pgsql-general
Hello

EXECUTE is not an expression. You cannot use it inside an IF statement.

Moreover, you don't need EXECUTE (dynamic DDL) in the IF statement in your example.

The second issue is an SQL injection vulnerability.

Regards

Pavel Stehule

2013/6/6 anushasrivastava03 <anushasrivastava03@yahoo.co.in>:
> I am trying to build a function which checks for the schema and table in
> the database; if present, then select the table values, else create that schema and
> table, passing the schema and table name as parameters of a function.
>
>
> CREATE OR REPLACE FUNCTION master.chkbypram(schemaname text,state
> text,wallmaterial text,roofmaterial text)
>   RETURNS SETOF refcursor AS
> $BODY$
> DECLARE
> Resulttable refcursor;
> tblinclusion text;
> Begin
> tblinclusion = 'inclusion'||'_'|| $2 ;
>  if ( (execute 'SELECT exists(select schema_name FROM
> information_schema.schemata WHERE schema_name = '||$1||')')and ( execute
> 'select exists(select * from information_schema.tables where
> table_name='||tblinclusion||')') )
>         then
>           OPEN Resulttable FOR execute ' select * from '||$1||'.'||$2 using
> schemaname,state;
>            RETURN NEXT Resulttable;
> else
>                 execute 'CREATE SCHEMA  '||&1 using schemaname;
>                         tblinclusion = 'inclusion'||'_'|| $2 ;
>                 execute 'create table '||&1||'.'||tblinclusion||' AS
>                                 select * from master.population_2 where
>                                 statecode = '||$2
>                                 || 'and distinct_key not in
>                                 (
>                                 select distinct(distinct_key)
>                                 from master.population_2
>                                 where
>                                 (
>                                 statecode = '||$2
>                                 ||'and cast (substr(population_2.hhd_housingcodes, 4) as int )  >= 4
>                                 and substr(population_2.hhd_housingcodes, 1,1)  in (SELECT code FROM
> regexp_split_to_table('||$3||', E',') AS code)
>                                 and  substr(population_2.hhd_housingcodes, 2,1) in (SELECT code FROM
> regexp_split_to_table('||$4||', E',') AS code)
>                                 )
>                                 or
>                                 statecode = '||$2
>                                 ||'and
>                                 (
>                                 cast (substr(population_2.hhd_assetcodes, 4,1) as int)=3
>                                 or cast (substr(population_2.hhd_assetcodes, 5,1) as int)=1
>                                 or cast (substr(population_2.hhd_assetcodes, 3,1) as int)=1
>                                 )
>                                 or
>                                 statecode = '||$2
>                                 ||'and
>                                 (       (cast (substr(population_2.hhd_assetcodes, 1,1) as int)=1 and cast
> (substr(population_2.hhd_assetcodes, 2,1) as int)in(1,3) and cast
> (substr(population_2.hhd_assetcodes, 6,1) as int)=1)
>                                 or      (cast (substr(population_2.hhd_assetcodes, 1,1) as int)=1 and cast
> (substr(population_2.hhd_assetcodes, 2,1) as int)in(1,3) and cast
> (substr(population_2.hhd_assetcodes, 4,1) as int)=1)
>                                 or      (cast (substr(population_2.hhd_assetcodes, 1,1) as int)=1 and cast
> (substr(population_2.hhd_assetcodes, 6,1) as int)=1 and cast
> (substr(population_2.hhd_assetcodes, 4,1) as int)=1)
>                                 or      (cast (substr(population_2.hhd_assetcodes, 2,1) as int)in(1,3) and
> cast (substr(population_2.hhd_assetcodes, 6,1) as int)=1 and cast
> (substr(population_2.hhd_assetcodes, 4,1) as int)=1 )
>                                 )
>                                 ) '
>                                 using schemaname, state,wallmaterial,roofmaterial;
>                                  OPEN Resulttable FOR execute ' select * from '||$1||'.'||tblinclusion
> using schemaname,state;
>                                 RETURN NEXT Resulttable;
> end if;
>         END;
> $BODY$
>   LANGUAGE plpgsql
>
> When calling this function it is throwing an error:
> select * from master.chkbypram('xyz','04','9,8','4,5,9');
>
>
> ERROR:  type "execute" does not exist
> LINE 1: SELECT ( (execute 'SELECT exists(select schema_name FROM inf...
>
>
>
>
> --
> View this message in context: http://postgresql.1045698.n5.nabble.com/passing-schema-name-and-table-name-as-parameter-functions-in-postgresql-9-2-tp5758130.html
> Sent from the PostgreSQL - general mailing list archive at Nabble.com.
>
>
> --
> Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-general
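
Added example, not part of the original message and not the poster's or Pavel Stehule's code: one way to address both points raised in the reply, with the existence checks written as static `EXISTS` tests inside `IF`, identifiers interpolated through `format()` with `%I`, and data values bound with `USING`. The function name `chk_inclusion_safe`, the `p_` parameter names and the reduced one-condition filter are assumptions for illustration; `master.population_2` and its columns come from the question, and `statecode` is assumed to be comparable with text.

```sql
-- Added example: hypothetical function name and a reduced filter,
-- standing in for the long predicate in the quoted question.
CREATE OR REPLACE FUNCTION chk_inclusion_safe(
    p_schema text, p_state text, p_wall text)
  RETURNS refcursor AS
$BODY$
DECLARE
    result refcursor;
    tbl    text := 'inclusion_' || p_state;
BEGIN
    -- Static SQL: EXISTS is an expression, so it can sit inside IF.
    -- p_schema is used as a bound value here, no EXECUTE is involved.
    IF NOT EXISTS (SELECT 1 FROM information_schema.schemata
                   WHERE schema_name = p_schema) THEN
        -- Identifiers cannot be bound as parameters; %I quotes the whole
        -- string as one identifier, whatever characters it contains.
        EXECUTE format('CREATE SCHEMA %I', p_schema);
    END IF;

    IF NOT EXISTS (SELECT 1 FROM information_schema.tables
                   WHERE table_schema = p_schema AND table_name = tbl) THEN
        -- DDL takes only the quoted identifiers.
        EXECUTE format('CREATE TABLE %I.%I (LIKE master.population_2)',
                       p_schema, tbl);
        -- Data values travel through USING ($1, $2), never concatenation.
        EXECUTE format(
            'INSERT INTO %I.%I
               SELECT * FROM master.population_2
               WHERE statecode = $1
                 AND substr(hhd_housingcodes, 1, 1)
                     = ANY (string_to_array($2, '',''))',
            p_schema, tbl)
        USING p_state, p_wall;
    END IF;

    OPEN result FOR EXECUTE format('SELECT * FROM %I.%I', p_schema, tbl);
    RETURN result;
END;
$BODY$
LANGUAGE plpgsql;
```

Splitting the table creation into `CREATE TABLE ... (LIKE ...)` followed by `INSERT ... SELECT` keeps every data value in a statement that accepts bound parameters.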

