dynamic-sql

I have two tables: A [ID, column1, column2, column3] B [ID, column1, column2, column3, column4] A will always be subset of B (meaning all columns of A are also in B ). I want to update a record with a specific ID in B with their data from A for all columns of A . This ID exists both in A and B . Is there an UPDATE syntax or any other way to do that without specifying the column names, just saying "set all columns of A" ? I'm using PostgreSQL, so a specific non-standard command is also accepted (however, not preferred). You can use the non-standard FROM clause. UPDATE b SET column1 = a.column1,

I want to select column names but I don't know the table structure ahead of time and it may change so I can't just hard code the select statement with column names. I also do NOT want to select every column. Is there and easy way to do this? My thoughts are it's some kind of combination of these two queries but my SQL is not that good. SHOW COLUMNS FROM table_name; SELECT * FROM table_name; I tried using a sub select but it didn't work. Nothing seems to happen, I don't get an error I just get no results SELECT (SELECT column_name FROM information_schema.columns WHERE table_name ='table_name')

We have a ton of SQL Server stored procedures which rely on dynamic SQL. The parameters to the stored procedure are used in a dynamic SQL statement. We need a standard validation function inside these stored procedures to validate these parameters and prevent SQL injection. Assume we have these constraints: We can't rewrite the procedures to not use Dynamic SQL We can't use sp_OACreate etc., to use regular expressions for validation. We can't modify the application which calls the stored procedure to validate the parameters before they are passed to the stored procedure. Is there a set of

It looks like #temptables created using dynamic SQL via the EXECUTE string method have a different scope and can't be referenced by "fixed" SQLs in the same stored procedure. However, I can reference a temp table created by a dynamic SQL statement in a subsequence dynamic SQL but it seems that a stored procedure does not return a query result to a calling client unless the SQL is fixed. A simple 2 table scenario: I have 2 tables. Let's call them Orders and Items. Order has a Primary key of OrderId and Items has a Primary Key of ItemId. Items.OrderId is the foreign key to identify the parent

I keep all my functions in a text file with 'CREATE OR REPLACE FUNCTION somefunction' . So if I add or change some function I just feed the file to psql. Now if I add or remove parameters to an existing function, it creates an overload with the same name and to delete the original I need type in all the parameter types in the exact order which is kind of tedious. Is there some kind of wildcard I can use to DROP all functions with a given name so I can just add DROP FUNCTION lines to the top of my file? You would need to write a function that took the function name, and looked up each overload

I am generating some Dynamic SQL and would like to ensure that my code is safe from SQL injection . For sake of argument here is a minimal example of how it is generated: var sql = string.Format("INSERT INTO {0} ({1}) VALUES (@value)", tableName, columnName); In the above, tableName , columnName , and whatever is bound to @value come from an untrusted source. Since placeholders are being used @value is safe from SQL injection attacks, and can be ignored. (The command is executed via SqlCommand.) However, tableName and columnName cannot be bound as placeholders and are therefor vulnerable to