
Re: eval function

Merlin Moncure <mmoncure@xxxxxxxxx> writes:
> Couple points:
> *) why a special case for boolean values?

That seemed weird to me too ...

> *) this should be immutable

What if the passed expression is volatile?  Better to be safe.

---------------------------------

At best, based upon the example using "current_timestamp()", you could only
mark it as being stable, right?

Also not mentioned; what risk is there of this function being hacked?  It
places the supplied data within a "SELECT (....) AS column_alias" structure
so it seems to be pretty safe but can you devise a string that would, say,
delete data or something similar.  I would expect the following: '1); DELETE
FROM table; SELECT (2' to be dangerous.  What functions would you use to
make the input string safe?  Does "quote_literal()" plug this hole?

Thanks,

David J.

-- 
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
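To make the risk in the question concrete, here is an added example (not code posted in this thread or shipped with PostgreSQL) of an eval() built the way the message describes, followed by a narrowed variant. The function names eval_unsafe and eval_arith, the numeric-only character whitelist and the demo calls are my own; the "SELECT (...) AS column_alias" shape is the one the message quotes.

```sql
-- Added example, not from the thread. Shape taken from the message:
-- the caller's text is spliced into 'SELECT (' ... ') AS column_alias'.
CREATE OR REPLACE FUNCTION eval_unsafe(expr text) RETURNS text
LANGUAGE plpgsql AS $$
DECLARE
    result text;
BEGIN
    -- Whatever the caller passes becomes part of the command string.
    -- Text that closes the parenthesis is no longer "inside" the SELECT,
    -- and the command runs with the privileges of whoever called the function
    -- (or of the owner, if anyone marks it SECURITY DEFINER: do not).
    EXECUTE 'SELECT (' || expr || ') AS column_alias' INTO result;
    RETURN result;
END
$$;

-- quote_literal() does close the hole, but by changing the meaning:
-- the input becomes a string constant, so eval_unsafe(quote_literal('1 + 1'))
-- executes  SELECT ('1 + 1') AS column_alias  and returns the text '1 + 1',
-- not a sum. An eval that quotes its argument is no longer an eval.

-- A narrowed variant (hypothetical, added here): only accept the character
-- set a pure arithmetic expression needs. No quotes, no semicolons, no
-- identifiers, so the string cannot end the statement or name a table.
CREATE OR REPLACE FUNCTION eval_arith(expr text) RETURNS numeric
LANGUAGE plpgsql AS $$
DECLARE
    result numeric;
BEGIN
    IF expr !~ '^[0-9.+*/() -]+$' THEN
        RAISE EXCEPTION 'eval_arith: disallowed characters in expression: %', expr;
    END IF;
    -- %s inserts the text unquoted; that is acceptable only because the
    -- whitelist above already ran.
    EXECUTE format('SELECT (%s)::numeric', expr) INTO result;
    RETURN result;
END
$$;

-- Functions default to EXECUTE for PUBLIC; take that away and grant per role.
REVOKE EXECUTE ON FUNCTION eval_arith(text) FROM PUBLIC;

-- Demo calls (constructed inputs):
SELECT eval_arith('(1 + 2) * 3');              -- evaluates the arithmetic
SELECT eval_unsafe(quote_literal('1 + 1'));    -- returns the quoted text, not a sum
SELECT eval_arith('1); DELETE FROM t; SELECT (2');  -- rejected by the whitelist
```

The whitelist is the real control here: format()'s %L (or quote_literal) protects a value that is meant to be a literal, but an eval takes an expression by design, so there is no quoting function that keeps the expression live and removes the danger. The remaining defences are the ones shown: constrain the grammar you accept, keep the function SECURITY INVOKER, and restrict who may call it.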