On Fri, Aug 29, 2025 at 3:15 PM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> Ron Johnson <ronljohnsonjr(at)gmail(dot)com> writes:
> > Yeah. From the cli KISS and do regular bash variable string expansion.
>
> > psql -d mydb -tAc "SELECT relkind FROM pg_class WHERE relname =
> > ${SHELL_VAR} ;"
>
> This isn't a great recommendation because bash is not aware of
> SQL's quoting rules. It'll work in simple cases, but there's
> a risk of SQL injection if the value of SHELL_VAR comes from
> an untrustworthy source.

Well, yeah, if your shell script interacts with the outside world you've
got to be a bit more robust than if the script only does db maintenance
operations on the db server.
--
Death to <Redacted>, and butter sauce.
Don't boil me, I'm still alive.
<Redacted> lobster!
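
Added example, not part of the thread: the string-expansion one-liner quoted above next to a form that hands the value to psql as a variable, so psql rather than the shell does the SQL quoting. The function names and the sample values are constructed for illustration; `mydb` and the query are the ones from the thread.

```shell
#!/bin/sh
# Added illustration; "mydb" and the pg_class query come from the thread,
# the function names and sample values are constructed for this example.

# Builds the SQL text exactly as the quoted one-liner would: the shell pastes
# the value into the statement, so the value must carry its own SQL quotes.
unsafe_query() {
  printf 'SELECT relkind FROM pg_class WHERE relname = %s ;' "$1"
}

# Passes the value as a psql variable instead. The SQL text is a fixed,
# quoted here-document; psql expands :'relname' to a properly escaped SQL
# literal. The script is fed on stdin because -c strings get no variable
# interpolation.
safe_lookup() {
  psql -X -d mydb -tA -v relname="$1" <<'SQL'
SELECT relkind FROM pg_class WHERE relname = :'relname';
SQL
}

# Constructed inputs: one well-behaved, one that changes the WHERE clause.
show_unsafe() {
  for v in "'pg_type'" "'x' OR true"; do
    printf '%s\n' "$(unsafe_query "$v")"
  done
}
show_unsafe
```

With the second constructed value the unsafe form yields a statement whose WHERE clause is always true, while `safe_lookup` sends the same bytes to the server as a single string literal compared against `relname`.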