On 2014-09-01 22:01:33 +0800, Craig Ringer wrote:
> On 09/01/2014 09:58 PM, Pavel Stehule wrote:
> >
> > It is in ToDo - allow parametrization for COMMANDs.
> >
> > But this is one point, when I am not sure if we would it. Now -
> > situation is very simply. Variables should not be used as table or
> > column name. With your proposal, the situation will by much more
> > complex, and probably variables should be used in SELECT * FROM x; but
> > it can be ambiguous SELECT x FROM table ... so maybe better to don't
> > allow it
>
> We would have to define a specific parameter marker, as used by things
> like JDBC.
>
> SELECT x FROM ?tablename
>
> DROP TABLE ?tablename
>
> or whatever your favourite place-holder syntax is.
Imo this is still something that's more dynamic SQL (i.e. EXECUTE's
remit) than something that shouldn't be doable implicitly. So perhaps
the solution is to extend EXECUTE to allow specifying tablenames as
variables more conveniently?
Greetings,
Andres Freund
-- Andres Freund http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training &
Services