Home > mailing lists

Re: Dynamically filtering a CTE? - Mailing list pgsql-general

From	David G. Johnston
Subject	Re: Dynamically filtering a CTE?
Date	April 20, 2018 22:33:22
Msg-id	CAKFQuwaOQr9Hm3msA2X+tmh2AhoyN1m+fKyRarAr3EmL20OaXg@mail.gmail.com Whole thread Raw
In response to	Re: Dynamically filtering a CTE? ("W. Trevor King" <wking@tremily.us>)
Responses	Re: Dynamically filtering a CTE?
List	pgsql-general

Tree view

On Fri, Apr 20, 2018 at 9:22 AM, W. Trevor King <wking@tremily.us> wrote:

format('
WITH RECURSIVE _ancestors(id, ancestors) AS (
SELECT
item.id AS id,
ARRAY[item.ancestor_id] AS ancestors
FROM items AS item
%s
[...]

', condition);

SELECT * FROM ancestors('WHERE item.id = 62324721');

Just keep in mind that this opens up a huge SQL-injection hole in your database. Depending on how its called you might want to validation the input text for both whitelist and blacklist items before executing it.

David J.

pgsql-general by date:

From: "W. Trevor King"
Date: 20 April 2018, 22:22:32
Subject: Re: Dynamically filtering a CTE?

From: James Keener
Date: 20 April 2018, 22:45:00
Subject: Re: Postgresql database encryption

Re: Dynamically filtering a CTE? - Mailing list pgsql-general

Previous

Next