Saturday, June 17. 2017
Dollar-quoting for escaping single quotes
Comments
I've started to use format() for this kind of stuff, e.g.

    CREATE OR REPLACE FUNCTION public.hello_world(param_your_name text)
    RETURNS text LANGUAGE sql STRICT AS
    $$
    SELECT format('Hello world. My name is %s.', param_your_name);
    $$;

By the way, DECLARE needs to be before BEGIN in PL/pgsql, as in:

    CREATE OR REPLACE FUNCTION sql_expression(param_sql text)
    RETURNS text LANGUAGE plpgsql STABLE STRICT AS
    $$
    DECLARE var_result text;
    BEGIN
        EXECUTE param_sql INTO var_result;
        RETURN var_result;
    END;
    $$;

Oh, and I've taken to using the builtins %I and %L (quote_identifier and quote_literal, respectively) when handling anything that might be a hostile input.
#1 on 2017-06-26 12:02
Thanks fixed the declare. Not sure how I made that mistake. I must have been shuffling it after I wrote it.
#1.1 on 2017-06-26 13:20
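
The %I and %L specifiers mentioned in comment #1, shown next to the string concatenation they replace. This is an added example, not code from the post or from either commenter; the table demo_people and the functions count_matches_unsafe and count_matches are hypothetical names.

```sql
-- Added example; demo_people and both functions are hypothetical.
CREATE TABLE IF NOT EXISTS demo_people (id int, last_name text);

-- Unsafe: caller-supplied text is concatenated straight into the statement,
-- so a single quote in param_name (or any SQL in param_table) changes the
-- structure of what EXECUTE runs.
CREATE OR REPLACE FUNCTION count_matches_unsafe(param_table text, param_name text)
RETURNS bigint LANGUAGE plpgsql STABLE STRICT AS
$$
DECLARE var_result bigint;
BEGIN
    EXECUTE 'SELECT count(*) FROM ' || param_table
         || ' WHERE last_name = ''' || param_name || ''''
       INTO var_result;
    RETURN var_result;
END;
$$;

-- Hardened: %I emits the argument as one quoted identifier, %L as one
-- quoted literal, so neither value can add clauses or statements.
-- Caveat: %I treats 'public.demo_people' as a single identifier; pass the
-- schema and the table as two separate %I arguments when both are needed.
CREATE OR REPLACE FUNCTION count_matches(param_table text, param_name text)
RETURNS bigint LANGUAGE plpgsql STABLE STRICT AS
$$
DECLARE var_result bigint;
BEGIN
    EXECUTE format('SELECT count(*) FROM %I WHERE last_name = %L',
                   param_table, param_name)
       INTO var_result;
    RETURN var_result;
END;
$$;

-- Values can also be bound instead of quoted: put $1 in the format string
-- and append "USING param_name" to EXECUTE. Identifiers cannot be bound,
-- so the table name still needs %I.

-- Constructed sample input: a name containing a quote is matched as data.
INSERT INTO demo_people VALUES (1, 'O''Brien');
SELECT count_matches('demo_people', 'O''Brien');

-- Inspect the statement format() builds before handing it to EXECUTE.
SELECT format('SELECT count(*) FROM %I WHERE last_name = %L',
              'demo people', 'O''Brien');
```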