Re: passing schema name and table name as parameter functions in postgresql 9.2 - Mailing list pgsql-general

From Pavel Stehule
Subject Re: passing schema name and table name as parameter functions in postgresql 9.2
Date
Msg-id CAFj8pRBAEYZzeeuRjxH5DzvjiZusZEcvVPE7L3GNS04AUgq_LQ@mail.gmail.com
Whole thread Raw
In response to passing schema name and table name as parameter functions in postgresql 9.2  (anushasrivastava03 <anushasrivastava03@yahoo.co.in>)
Responses Re: passing schema name and table name as parameter functions in postgresql 9.2
List pgsql-general
Hello

EXECUTE is not expression. You cannot use it inside IF statement.

more, you don't need EXECUTE (dynamic DDL) in IF statement in your example.

second issue is SQL injection vulnerability

Regards

Pavel Stehule

2013/6/6 anushasrivastava03 <anushasrivastava03@yahoo.co.in>:
> I am trying to build a function which check for the schema and table in
> database if present then select the table values else create that schema and
> table and passing schema and table name as parameters of a function.
>
>
> CREATE OR REPLACE FUNCTION master.chkbypram(schemaname text,state
> text,wallmaterial text,roofmaterial text)
>   RETURNS SETOF refcursor AS
> $BODY$
> DECLARE
> Resulttable refcursor;
> tblinclusion text;
> Begin
> tblinclusion = 'inclusion'||'_'|| $2 ;
>  if ( (execute 'SELECT exists(select schema_name FROM
> information_schema.schemata WHERE schema_name = '||$1||')')and ( execute
> 'select exists(select * from information_schema.tables where
> table_name='||tblinclusion||')') )
>         then
>           OPEN Resulttable FOR execute ' select * from '||$1||'.'||$2 using
> schemaname,state;
>            RETURN NEXT Resulttable;
> else
>                 execute 'CREATE SCHEMA  '||&1 using schemaname;
>                         tblinclusion = 'inclusion'||'_'|| $2 ;
>                 execute 'create table '||&1||'.'||tblinclusion||' AS
>                                 select * from master.population_2 where
>                                 statecode = '||$2
>                                 || 'and distinct_key not in
>                                 (
>                                 select distinct(distinct_key)
>                                 from master.population_2
>                                 where
>                                 (
>                                 statecode = '||$2
>                                 ||'and cast (substr(population_2.hhd_housingcodes, 4) as int )  >= 4
>                                 and substr(population_2.hhd_housingcodes, 1,1)  in (SELECT code FROM
> regexp_split_to_table('||$3||', E',') AS code)
>                                 and  substr(population_2.hhd_housingcodes, 2,1) in (SELECT code FROM
> regexp_split_to_table('||$4||', E',') AS code)
>                                 )
>                                 or
>                                 statecode = '||$2
>                                 ||'and
>                                 (
>                                 cast (substr(population_2.hhd_assetcodes, 4,1) as int)=3
>                                 or cast (substr(population_2.hhd_assetcodes, 5,1) as int)=1
>                                 or cast (substr(population_2.hhd_assetcodes, 3,1) as int)=1
>                                 )
>                                 or
>                                 statecode = '||$2
>                                 ||'and
>                                 (       (cast (substr(population_2.hhd_assetcodes, 1,1) as int)=1 and cast
> (substr(population_2.hhd_assetcodes, 2,1) as int)in(1,3) and cast
> (substr(population_2.hhd_assetcodes, 6,1) as int)=1)
>                                 or      (cast (substr(population_2.hhd_assetcodes, 1,1) as int)=1 and cast
> (substr(population_2.hhd_assetcodes, 2,1) as int)in(1,3) and cast
> (substr(population_2.hhd_assetcodes, 4,1) as int)=1)
>                                 or      (cast (substr(population_2.hhd_assetcodes, 1,1) as int)=1 and cast
> (substr(population_2.hhd_assetcodes, 6,1) as int)=1 and cast
> (substr(population_2.hhd_assetcodes, 4,1) as int)=1)
>                                 or      (cast (substr(population_2.hhd_assetcodes, 2,1) as int)in(1,3) and
> cast (substr(population_2.hhd_assetcodes, 6,1) as int)=1 and cast
> (substr(population_2.hhd_assetcodes, 4,1) as int)=1 )
>                                 )
>                                 ) '
>                                 using schemaname, state,wallmaterial,roofmaterial;
>                                  OPEN Resulttable FOR execute ' select * from '||$1||'.'||tblinclusion
> using schemaname,state;
>                                 RETURN NEXT Resulttable;
> end if;
>         END;
> $BODY$
>   LANGUAGE plpgsql
>
> when calling this funtion it is throwing error
> select * from master.chkbypram('xyz','04','9,8','4,5,9');
>
>
> ERROR:  type "execute" does not exist
> LINE 1: SELECT ( (execute 'SELECT exists(select schema_name FROM inf...
>
>
>
>
> --
> View this message in context:
http://postgresql.1045698.n5.nabble.com/passing-schema-name-and-table-name-as-parameter-functions-in-postgresql-9-2-tp5758130.html
> Sent from the PostgreSQL - general mailing list archive at Nabble.com.
>
>
> --
> Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-general


pgsql-general by date:

Previous
From: anushasrivastava03
Date:
Subject: checking schema present or not by passing schema name as parameter
Next
From: Pavel Stehule
Date:
Subject: Re: checking schema present or not by passing schema name as parameter