Is there any known way to inject SQL into a function similar to this?
create function testinjection(text,integer) returns void as $BODY$ declare begin execute 'update '||quote_ident($1)||' set c=null where id='||$2; return; end; $BODY$ language 'plpgsql' volatile security definer; grant execute on function testinjection(text,integer) to public;