Re: 7.1 PL/pgSQL EXECUTE Command - Mailing list pgsql-general

From Tom Lane
Subject Re: 7.1 PL/pgSQL EXECUTE Command
Date
Msg-id 19730.978577277@sss.pgh.pa.us
Whole thread Raw
In response to Re: 7.1 PL/pgSQL EXECUTE Command  ("Dominic J. Eidson" <sauron@the-infinite.org>)
Responses Re: 7.1 PL/pgSQL EXECUTE Command
List pgsql-general
"Dominic J. Eidson" <sauron@the-infinite.org> writes:
>   EXECUTE '' DROP TRIGGER spares_'' || OLD.dbs_name || ''_update_trig ON
>     '' || OLD.dbs_name || '';'';

The trailing semicolon in the EXECUTE string is unnecessary, which
allows for at least a little less cruft in examples like this.

BTW, there are two new string functions quote_ident and quote_literal
that are designed for use in constructing query strings.  You can think
of them as "surround with double quotes" and "surround with single
quotes" if you like, but they are smarter than that: they also know
about escaping embedded quotes and backslashes.  So, for example, if
you want to write an EXECUTE statement that updates an arbitrary field
to an arbitrary string value, you could do something like

    EXECUTE ''UPDATE table SET '' || quote_identifier(fieldname) ||
        '' = '' || quote_literal(newvalue) || '' WHERE ...'';

This would not fail in the presence of mixed-case fieldnames or embedded
quotes in the value, as would the too-simplistic attempt:

    EXECUTE ''UPDATE table SET '' || fieldname ||
        '' = '''''' || newvalue || '''''' WHERE ...'';

None of this stuff is in the docs yet :-(.  Seems we've been a tad
sloppy about adding documentation for new features this time around.
Anyone want to submit a documentation patch to cover this stuff?

            regards, tom lane

pgsql-general by date:

Previous
From: "John Clark L. Naldoza"
Date:
Subject: Re: How passwords can be crypted in postgres?
Next
From: Tom Lane
Date:
Subject: Re: Pb importing data in v. 7.0.3