
Re: Pass where clause to a function


On Thu, Aug 14, 2014 at 1:17 AM, John R Pierce <pierce@xxxxxxxxxxxx> wrote:
> On 8/13/2014 10:59 PM, Andrew Bartley wrote:
>
> I need this because it is a customer requirement.  The underlying tables the
> api will query are dynamically created, they are period/content partitioned
> and distributed across multiple servers and database types... not just
> postgres.  The api/function will determine what servers/databases/tables
> (some of them are foreign tables) to query based on the parameters passed to
> the api.  The customer wants to use their current reporting tool that does
> not support function selects.
>
>
> I don't know how you would pass those expression fragments to a view to be
> passed to the function, however.
>
> what you describe above (and in the rest of your post) sounds very
> convoluted, and rather prone to poor performance.

Also be advised that sending user generated raw text to an EXECUTE'd
statement is a horrible injection risk.  It's still ok (sometimes) but
only in a 100% trust situation.  Perhaps you could add a little bit of
safety by making two arguments: comparison field and comparison
value and using quote_ident/quote_literal around them; it's a good
habit to use quote_xx around any token that is possible to be supplied
by a human.

merlin


-- 
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
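
The two-argument approach suggested in the message above, as an added example that is not part of the original post: a PL/pgSQL function that takes a comparison field and a comparison value and builds the EXECUTE string with quote_ident/quote_literal. The table report_rows, the function report_filter and the column check against pg_attribute are assumptions made for illustration.

```sql
-- Constructed sample table; all names here are hypothetical.
CREATE TABLE report_rows (
    id       integer PRIMARY KEY,
    customer text NOT NULL,
    period   text NOT NULL
);

INSERT INTO report_rows (id, customer, period) VALUES
    (1, 'acme',   '2014-07'),
    (2, 'acme',   '2014-08'),
    (3, 'globex', '2014-08');

-- The caller supplies a comparison field and a comparison value
-- instead of a raw WHERE clause fragment.
-- STRICT: a NULL argument yields an empty result instead of a NULL
-- query string reaching EXECUTE (quote_literal(NULL) is NULL).
CREATE FUNCTION report_filter(cmp_field text, cmp_value text)
RETURNS SETOF report_rows
LANGUAGE plpgsql STABLE STRICT
AS $$
BEGIN
    -- quote_ident makes the token a single identifier, but any column
    -- name would still be accepted, so check it against the table.
    IF NOT EXISTS (
        SELECT 1
        FROM pg_attribute
        WHERE attrelid = 'report_rows'::regclass
          AND attname = cmp_field
          AND attnum > 0
          AND NOT attisdropped
    ) THEN
        RAISE EXCEPTION 'unknown filter column: %', cmp_field;
    END IF;

    RETURN QUERY EXECUTE
        'SELECT * FROM report_rows WHERE '
        || quote_ident(cmp_field) || ' = ' || quote_literal(cmp_value);
END;
$$;

-- Ordinary use.
SELECT * FROM report_filter('customer', 'acme');

-- The embedded quotes are doubled by quote_literal, so the whole
-- string is compared as one value rather than parsed as SQL.
SELECT * FROM report_filter('customer', 'acme'' OR ''1''=''1');

-- Not a column of report_rows: rejected before any SQL is built.
SELECT * FROM report_filter('customer = customer OR period', 'x');
```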



