| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Dominic J(dot) Eidson" <sauron(at)the-infinite(dot)org> |
| Cc: | Brian Troxell <trox(at)mindspring(dot)com>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: 7.1 PL/pgSQL EXECUTE Command |
| Date: | 2001-01-04 03:01:17 |
| Message-ID: | 19730.978577277@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
"Dominic J. Eidson" <sauron(at)the-infinite(dot)org> writes:
> EXECUTE '' DROP TRIGGER spares_'' || OLD.dbs_name || ''_update_trig ON
> '' || OLD.dbs_name || '';'';
The trailing semicolon in the EXECUTE string is unnecessary, which
allows for at least a little less cruft in examples like this.
BTW, there are two new string functions quote_ident and quote_literal
that are designed for use in constructing query strings. You can think
of them as "surround with double quotes" and "surround with single
quotes" if you like, but they are smarter than that: they also know
about escaping embedded quotes and backslashes. So, for example, if
you want to write an EXECUTE statement that updates an arbitrary field
to an arbitrary string value, you could do something like
EXECUTE ''UPDATE table SET '' || quote_identifier(fieldname) ||
'' = '' || quote_literal(newvalue) || '' WHERE ...'';
This would not fail in the presence of mixed-case fieldnames or embedded
quotes in the value, as would the too-simplistic attempt:
EXECUTE ''UPDATE table SET '' || fieldname ||
'' = '''''' || newvalue || '''''' WHERE ...'';
None of this stuff is in the docs yet :-(. Seems we've been a tad
sloppy about adding documentation for new features this time around.
Anyone want to submit a documentation patch to cover this stuff?
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2001-01-04 04:25:26 | Re: Pb importing data in v. 7.0.3 |
| Previous Message | John Clark L. Naldoza | 2001-01-04 00:52:09 | Re: How passwords can be crypted in postgres? |