dynamic-sql

问题 I have this function in plpgsql: CREATE OR REPLACE function login_v(em varchar, passwd varchar) RETURNS users AS $$ DECLARE cu users; BEGIN SELECT * into cu FROM users where email = em AND encrypted_password = crypt(passwd, encrypted_password); return cu; END $$ LANGUAGE plpgsql; When I provide an input like this: select login_v('test@test.com'' OR 1=1;--','la la la'); , I think my method should return the user with email test@test.com . What Am I doing wrong? Performing SQL injection is

问题 I need to do the same deletion or purge operation (based on several conditions) on a set of tables. For that I am trying to pass the table names in an array to a function. I am not sure if I am doing it right. Or is there a better way? I am pasting just a sample example this is not the real function I have written but the basic is same as below: CREATE OR REPLACE FUNCTION test (tablename text[]) RETURNS int AS $func$ BEGIN execute 'delete * from '||tablename; RETURN 1; END $func$ LANGUAGE

问题 I want to create a script that will have variables of _user and _pass to create the user in the Postgres database only if such login does not exist yet. I was thinking this would work, but i cant tell what is the issue: DO $DO$ DECLARE _user TEXT := 'myuser'; _pass TEXT := 'user!pass'; BEGIN IF NOT EXISTS ( SELECT 1 FROM pg_catalog.pg_roles WHERE rolname = _user) THEN RAISE NOTICE 'Creating user % ...',_user; CREATE USER _user WITH LOGIN NOSUPERUSER CREATEDB CREATEROLE NOREPLICATION PASSWORD

问题 This is how I create my search_term : IF char_length(search_term) > 0 THEN order_by := 'ts_rank_cd(textsearchable_index_col, to_tsquery(''' || search_term || ':*''))+GREATEST(0,(-1*EXTRACT(epoch FROM age(last_edited)/86400))+60)/60 DESC'; search_term := 'to_tsquery(''' || search_term || ':*'') @@ textsearchable_index_col'; ELSE search_term := 'true'; END IF; I am having some trouble with a PLPGSQL function: RETURN QUERY EXECUTE ' SELECT * FROM articles WHERE $1 AND ' || publication_date_query

问题 Following the approach mentioned in this link, I want to pass ORDER BY and sorting order to a function dynamically. ORDER BY is working fine but I am not able to pass sorting order ( ASC / DESC ). What I have now: CREATE OR REPLACE FUNCTION list(_limit integer,_offset integer,sort_by varchar(100), _order varchar(100),_category varchar(100)) RETURNS TABLE( id INTEGER, name VARCHAR, clientname VARCHAR, totalcount BIGINT ) AS $$ DECLARE empty text := ''; BEGIN RETURN Query EXECUTE 'SELECT d.id,

问题 I have the following query to triggers on all tables in schema public: SELECT 'CREATE TRIGGER ' || tab_name|| '_if_modified_trg INSERT OR UPDATE OR DELETE ON ' || tab_name|| ' FOR EACH ROW EXECUTE PROCEDURE audit.if_modified_func(); ' AS trigger_creation_query FROM ( SELECT quote_ident(table_schema) || '.' || quote_ident(table_name) as tab_name FROM information_schema.tables WHERE table_schema='public' ) AS foo; And I know how to check if a trigger exists: SELECT tgname from pg_trigger where

问题 I have an application where i need to enable end users to create adhoc reports by defining their options through some type of wizard whose process would be something like: 1) User selects the table(s) he wants to query (eg person, project, activities) 2) defines the list of fields he requires (eg name, email, projects, activity, activity info) 3) supplies the filter criteria for the records to return (eg Person name, ongoing activities) I am using hibernate with postgres database with more

问题 I'm just starting to learn T-SQL and could use some help in understanding what's going on in a particular block of code. I modified some code in an answer I received in a previous question, and here is the code in question: DECLARE @column_list AS varchar(max) SELECT @column_list = COALESCE(@column_list, ',') + 'SUM(Case When Sku2=' + CONVERT(varchar, Sku2) + ' Then Quantity Else 0 End) As [' + CONVERT(varchar, Sku2) + ' - ' + Convert(varchar,Description) +'],' FROM OrderDetailDeliveryReview

问题 I want to build custom Where condition based on stored procedure inputs, if not null then I will use them in the statement, else I will not use them. if @Vendor_Name is not null begin set @where += 'Upper(vendors.VENDOR_NAME) LIKE "%"+ UPPER(@Vendor_Name) +"%"' end else if @Entity is not null begin set @where += 'AND headers.ORG_ID = @Entity' end select * from table_name where @where But I get this error An expression of non-boolean type specified in a context where a condition is expected,

问题 I am showing data in CGridView from a dynamic SQL Query using CSqlDataProvider. There are some static and some dynamic column. Now I want to do some special formatting like currency in the dynamic columns. But how do I do that when I don't know the number/name of the columns till the query is executed. Also i want to be able to sort the dynamic columns and again I have the same problem that I don't have all the column names. Anyone before who worked with dynamic queries and gridview. Could